How did the hacker got in?

Post Reply
a24uall
Site Admin
Posts: 166
Joined: Sun Jul 01, 2012 9:07 am

How did the hacker got in?

Post by a24uall »

Any users managed to get root privilege?

Code: Select all

perl -n -e '@user = split /:/ ; print "@user[0]\n" if @user[2] == "0";' < /etc/passwd
[email protected][/tmp]# perl -n -e '@user = split /:/ ; print "@user[0]\n" if @user[2] == "0";' < /etc/passwd
root
sdrtect
ghhjtyu
root7
[email protected][/tmp]#
Or
[email protected][/tmp]# grep ":0:0:" /etc/passwd
root:x:0:0:root:/root:/bin/bash
sdrtect:x:0:0::/home/sdrtect:/bin/bash
ghhjtyu:x:0:0::/home/ghhjtyu:/bin/bash
root7:x:0:0::/home/root7:/bin/bash
[email protected][/tmp]#
Last ssh logged in IP address
lastlog
[email protected] [/tmp]# lastlog | grep -v "Never logged in"
Username Port From Latest
root pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
sdrtect pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
gghjhy pts/0 232.186.199.84 Fri Jun 21 14:52:17 +0545 2013
ghhjtyu pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
root2 pts/0 s2-jb.sevret-i Sun Jul 14 14:44:06 +0545 2013
[email protected] [/tmp]#

Check for rootkits installed as in link below :
viewtopic.php?f=40&t=62&p=70&hilit=rkhunter#p70
Arun
WebhostingDevelopment.com
Post Reply

Return to “HOW TO FIND HACKING”