Board index HACK HOW TO FIND HACKING

How did the hacker got in?

Postby a24uall » Sun Jul 14, 2013 2:50 pm

Any users managed to get root privilege?
Code: Select all
perl -n -e '@user = split /:/ ; print "@user[0]\n" if @user[2] == "0";' < /etc/passwd

[email protected][/tmp]# perl -n -e '@user = split /:/ ; print "@user[0]\n" if @user[2] == "0";' < /etc/passwd
root
sdrtect
ghhjtyu
root7
[email protected][/tmp]#

Or
[email protected][/tmp]# grep ":0:0:" /etc/passwd
root:x:0:0:root:/root:/bin/bash
sdrtect:x:0:0::/home/sdrtect:/bin/bash
ghhjtyu:x:0:0::/home/ghhjtyu:/bin/bash
root7:x:0:0::/home/root7:/bin/bash
[email protected][/tmp]#


Last ssh logged in IP address
lastlog
[email protected] [/tmp]# lastlog | grep -v "Never logged in"
Username Port From Latest
root pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
sdrtect pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
gghjhy pts/0 232.186.199.84 Fri Jun 21 14:52:17 +0545 2013
ghhjtyu pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
root2 pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
[email protected] [/tmp]#

Check for rootkits installed as in link below :
http://admin.webhostingdevelopment.com/viewtopic.php?f=40&t=62&p=70&hilit=rkhunter#p70
Arun
WebhostingDevelopment.com
a24uall
Site Admin
 
Posts: 166
Joined: Sun Jul 01, 2012 9:07 am

Return to HOW TO FIND HACKING

Who is online

Users browsing this forum: No registered users and 1 guest


cron