Fri Feb 21 19:06:40 HKT 2003
================================
Connected to ttyp0 snoop server...
Ctrl+'\' (ASCII 28) to suspend, Ctrl+'-' (ASCII 31) to terminate.
w
7:06pm up 4:47, 0 users, load average: 0.15, 0.03, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
�]0;root@pc88: /root�[root@pc88 /root]# cd /usr/bin/.tux/tools
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# cd sniffer
�]0;root@pc88: /usr/bin/.tux/tools/sniffer�[root@pc88 sniffer]# ./read tcp.log
Fri Feb 21 19:07:10 HKT 2003
-rw-r--r-- 1 root root 4994 Feb 21 16:50 tcp.log
----------------------------------------------------------------------
106 pc88
----------------------------------------------------------------------
Fri Feb 21 19:07:10 HKT 2003
-------------------------------------------------------------------EOF
�]0;root@pc88: /usr/bin/.tux/tools/sniffer�[root@pc88 sniffer]# cd ..
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# ls
�[01;34mbitchx�[00m �[01;34mpsybnc�[00m �[01;34msniffer�[00m �[01;34mssh�[00m
�[01;34mecmf�[00m �[01;31mpsymicutz.tgz�[00m �[01;32msocklist�[00m �[01;34msynscan�[00m
�[01;34mexploits�[00m �[01;34mscan�[00m �[01;31msocklist.tgz�[00m �[01;34mutils�[00m
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# ./socklist
type port inode uid pid fd name
tcp 513 1202 0 840 8 xinetd
tcp 514 1201 0 840 7 xinetd
tcp 995 1203 0 840 9 xinetd
tcp 1030 918 29 591 6 rpc.statd
tcp 1607 373 0 214 4 java
tcp 6668 355 0 203 3 sshdu
tcp 143 1204 0 840 10 xinetd
tcp 111 870 0 569 4 portmap
tcp 80 6127 0 1112 17 httpd
tcp 465 1124 0 785 3 atd
tcp 10003 14 0 19 3 smbd
tcp 21 1198 0 840 3 xinetd
tcp 22 1382 0 979 3 data_mining
tcp 23 1200 0 840 5 xinetd
tcp 25 1279 0 895 4 sendmail
tcp 6010 514695 0 19255 3 data_mining
tcp 443 6126 0 1112 16 httpd
tcp 1035 514755 0 19282 5 number_cum
tcp 22 514690 0 19255 4 data_mining
tcp 1607 514017 0 19189 3 java
udp 1024 915 29 591 5 rpc.statd
udp 514 506961 0 19157 7 syslogd
udp 69 1199 0 840 4 xinetd
udp 3049 13980 0 1576 5 who
udp 111 869 0 569 3 portmap
udp 123 1421 0 995 6 ntpd
udp 123 1420 0 995 5 ntpd
udp 123 1419 0 995 4 ntpd
udp 767 908 0 591 4 rpc.statd
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# telnet localhost 10003
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
SSH-1.5-By-ICE_4_All ( Hackers Not Allowed! )
Connection closed by foreign host.
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# killall -9 -vq sshdu smbd'� �
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# kill -9 203 19
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# ./socklist
type port inode uid pid fd name
tcp 513 1202 0 840 8 xinetd
tcp 514 1201 0 840 7 xinetd
tcp 995 1203 0 840 9 xinetd
tcp 1030 918 29 591 6 rpc.statd
tcp 1607 373 0 214 4 java
tcp 143 1204 0 840 10 xinetd
tcp 111 870 0 569 4 portmap
tcp 80 6127 0 1112 17 httpd
tcp 465 1124 0 785 3 atd
tcp 21 1198 0 840 3 xinetd
tcp 22 1382 0 979 3 data_mining
tcp 23 1200 0 840 5 xinetd
tcp 25 1279 0 895 4 sendmail
tcp 6010 514695 0 19255 3 data_mining
tcp 443 6126 0 1112 16 httpd
tcp 1035 514755 0 19282 5 number_cum
tcp 22 514690 0 19255 4 data_mining
tcp 1607 514017 0 19189 3 java
udp 1024 915 29 591 5 rpc.statd
udp 514 506961 0 19157 7 syslogd
udp 69 1199 0 840 4 xinetd
udp 3049 13980 0 1576 5 who
udp 111 869 0 569 3 portmap
udp 123 1421 0 995 6 ntpd
udp 123 1420 0 995 5 ntpd
udp 123 1419 0 995 4 ntpd
udp 767 908 0 591 4 rpc.statd
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# cd psybnc
�]0;root@pc88: /usr/bin/.tux/tools/psybnc�[root@pc88 psybnc]# pico psybnc.conf
�[?1048h�[?1047h�[1;24r�[1;1H�[J�[7m UW PICO(tm) 4.0 New Buffer �[27m�[23;1H�[K�[24;1H�[K�[23;1H�[7m^�[27m�[7mG�[27m Get Help �[7m^�[27m�[7mO�[27m WriteOut �[7m^�[27m�[7mR�[27m Read File �[7m^�[27m�[7mY�[27m Prev Pg �[7m^�[27m�[7mK�[27m Cut Text �[7m^�[27m�[7mC�[27m Cur Pos �[K�[24;1H�[7m^�[27m�[7mX�[27m Exit �[7m^�[27m�[7mJ�[27m Justify �[7m^�[27m�[7mW�[27m Where is �[7m^�[27m�[7mV�[27m Next Pg �[7m^�[27m�[7mU�[27m UnCut Text�[7m^�[27m�[7mT�[27m To Spell �[K�[3;1H�[22;1H�[K�[22;33H�[7m[ Reading file ]�[27m�[22;1H�[K�[22;32H�[7m[ Read 31 lines ]�[27m�[1;34H�[7mFile: psybnc.conf�[27m�[3;1HPSYBNC.SYSTEM.PORT1=6668�[4;1HPSYBNC.SYSTEM.HOST1=*�[5;1HPSYBNC.HOSTALLOWS.ENTRY0=*;*�[6;1HUSER1.USER.LOGIN=sokeres�[7;1HUSER1.USER.USER=No Info�[8;1HUSER1.USER.PASS=='I`J1v`z'd1o'70q1D�[9;1HUSER1.USER.RIGHTS=1�[10;1HUSER1.USER.VLINK=0�[11;1HUSER1.USER.PPORT=0�[12;1HUSER1.USER.PARENT=0�[13;1HUSER1.USER.QUITTED=0�[14;1HUSER1.USER.DCCENABLED=1�[15;1HUSER1.USER.AUTOGETDCC=0�[16;1HUSER1.USER.AIDLE=0�[17;1HUSER1.USER.LEAVEQUIT=0�[18;1HUSER1.USER.AUTOREJOIN=1�[19;1HUSER1.USER.SYSMSG=1�[20;1HUSER1.USER.LASTLOG=0�[21;1HUSER1.USER.AWAYNICK=micutzu�[3;1H�[4;1H�[5;1H�[6;1H�[7;1H�[8;1H�[9;1H�[10;1H�[11;1H�[12;1H�[13;1H�[14;1H�[15;1H�[16;1H�[17;1H�[18;1H�[19;1H�[20;1H�[21;1H�[3;1HUSER1.USER.QUITTED=0�[K�[4;1HUSER1.USER.DCCENABLED=1�[5;1HUSER1.USER.AUTOGETDCC=0�[K�[6;12HAIDLE=0�[K�[7;12HLEAVEQUIT=0 �[8;12HAUTOREJOIN=1�[K�[9;12HSYSMSG�[10;12HLASTLOG=0�[11;12HAWAYNICK=micutzu�[12;12HAWAY=^C4Nu m?ncred dec�t �n mine. ^_^BE mai bine!�[13;12HLEAVEMSG=Urmarit cautat De Toata Politia !�[14;12HVHOST=pc88.ie.cuhk.edu.hk�[15;12HNICK=mIcUtZzu�[16;7HCHANNELS.ENTRY6=#purelinux�[17;7HCHANNELS.ENTRY8=#h-zone�[18;7HCHANNELS.KEY6=r00t�[19;7HCHANNELS.ENTRY9=#iubaretzii�[20;7HSERVERS.SERVER1=atlanta.ga.us.undernet.org�[21;7HSERVERS.PORT3=6667 �[12;1H�[13;1H�[14;1H�[15;1H�[16;1H�[17;1H�[18;1H�[22;1H�[K�[19;1H�[20;1H�[21;1H�[3;12HLEAVEMSG=Urmarit cautat De Toata Politia !�[4;12HVHOST=pc88.ie.cuhk.edu.hk�[5;12HNICK=mIcUtZzu�[6;7HCHANNELS.ENTRY6=#purelinux�[7;7HCHANNELS.ENTRY8=#h-zone�[8;7HCHANNELS.KEY6=r00t�[9;7HCHANNELS.ENTRY9=#iubaretzii�[10;7HSERVERS.SERVER1=atlanta.ga.us.undernet.org�[11;7HSERVERS.PORT3=6667 �[12;7HSERVERS.SERVER3=irc.hell.nl�[K�[13;7HSERVERS.PORT1=6667�[K�[14;1H�[K�[15;1H�[K�[16;1H�[K�[17;1H�[K�[18;1H�[K�[19;1H�[K�[20;1H�[K�[21;1H�[K�[12;1H�[13;1H�[14;1H�[22;1H�[K�[22;14H�[7m[ line 32 of 32 (100%), character 873 of 873 (100%) ]�[27m�[14;1H�[1;70H�[7mModified�[27m�[15;1H�[23;1H �[7mY�[27m Yes �[K�[24;2H�[7mC�[27m Cancel �[7mN�[27m No �[K�[22;1H�[K�[7mSave modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ? �[22;62H�[27m�[7m�No�[27m�[23;1H�[K�[24;1H�[K�[?1047l�[?1048l�]0;root@pc88: /usr/bin/.tux/tools/psybnc�[root@pc88 psybnc]#
�]0;root@pc88: /usr/bin/.tux/tools/psybnc�[root@pc88 psybnc]# ./fam
.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
,----.,----.,-. ,-.,---.,--. ,-.,----.
| O || ,-' \ \/ / | o || \| || ,--'
| _/ _\ \ \ / | o< | |\ || |__
|_| |____/ |__| |___||_| \_| \___|
Version 2.2.2 (c) 1999-2001
the most psychoid
and the cool lam3rz Group IRCnet
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=tCl=-'
Configuration File: psybnc.conf
No logfile specified, logging to log/psybnc.log
Listening on: 0.0.0.0 port 6668
psyBNC2.2.2-cBtITLdDMSNp started (PID 19330)
�]0;root@pc88: /usr/bin/.tux/tools/psybnc�[root@pc88 psybnc]# cd ..
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# ./socklist
type port inode uid pid fd name
tcp 513 1202 0 840 8 xinetd
tcp 514 1201 0 840 7 xinetd
tcp 995 1203 0 840 9 xinetd
tcp 1030 918 29 591 6 rpc.statd
tcp 1607 373 0 214 4 java
tcp 6668 520381 0 19330 9 fam
tcp 143 1204 0 840 10 xinetd
tcp 111 870 0 569 4 portmap
tcp 80 6127 0 1112 17 httpd
tcp 465 1124 0 785 3 atd
tcp 21 1198 0 840 3 xinetd
tcp 22 1382 0 979 3 data_mining
tcp 23 1200 0 840 5 xinetd
tcp 25 1279 0 895 4 sendmail
tcp 6010 514695 0 19255 3 data_mining
tcp 443 6126 0 1112 16 httpd
tcp 6668 522291 0 19330 14 fam
tcp 6668 0 0 0 0
tcp 1037 520389 0 19330 13 fam
tcp 1035 514755 0 19282 5 number_cum
tcp 22 514690 0 19255 4 data_mining
tcp 6668 0 0 0 0
tcp 1607 514017 0 19189 3 java
udp 1024 915 29 591 5 rpc.statd
udp 514 506961 0 19157 7 syslogd
udp 69 1199 0 840 4 xinetd
udp 3049 13980 0 1576 5 who
udp 111 869 0 569 3 portmap
udp 123 1421 0 995 6 ntpd
udp 123 1420 0 995 5 ntpd
udp 123 1419 0 995 4 ntpd
udp 767 908 0 591 4 rpc.statd
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1280 errors:20 dropped:0 overruns:0
TX packets:0 errors:0 dropped:0 overruns:1280
eth0 Link encap:10Mbps Ethernet HWaddr 00:50:56:49:80:55
inet addr:192.168.20.1 Bcast:192.168.20.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:895234 errors:12582 dropped:0 overruns:0
TX packets:0 errors:0 dropped:0 overruns:681821
Interrupt:11 Base address:0x1080
�]0;root@pc88: /usr/bin/.tux/tools�[root@pc88 tools]#
Back at local tty.
end at Fri Feb 21 19:10:28 HKT 2003
----------------------------------