Did anyone else start experiencing physical pain when the hacker accessed the right file in the wrong place for the hundredth time without typing "ls" ONCE?
I had no idea the reflex was so strong, but I almost started twitching. I caught myself reaching for the keyboard to hammer out "ls -l". What a tragedy.
(I leave it as an exercise to the reader to determine whether the tragedy is the hacker's incompetence or my reflexive neckbeard response to it.)
I felt myself being urged to type on a non-existent keyboard as well. If it was a person near me at the keyboard, I would have felt compelled to tell them to move out of the chair and let me do the work.
This reminds me (uh-oh, another neckbeard old-timer story) of the very early days of the ARPAnet when there were about 20 nodes or so...
Back then there were free guest accounts on all the systems (mostly TOPS-10 and TENEX systems along with some weird one-off machines like the UCSB symbolic math system on a 360/65), and we (at HARV-10) had a hacker who'd come in and mess things up.
So the sysadmin (Geoff Steckel) started a logging process that dumped all suspicious incoming telnet connections input to a local TTY (yes, a physical teletypewriter).
We used to gather around the TTY when it started chattering, to watch the hacker at work. Geoff pretty quickly figured out what he was doing and patched our TOPS-10 monitor source.
If you're interested in the same and want to display stats about the connection attempts, passwords tried etc. I have developed a "kippo stats" webapp in Perl/Mojolicious, at https://github.com/mfontani/kippo-stats
-hacker +script kid. The most emotional part was when Perl was downloaded from the Microsoft site. An excellent display of how dangerous automated exploits can be in the wrong hands. Enabling emotions to run wild without assuming any risks at all. Yay, I got into a box with my script. Yay, I'm going to run a script to packet flood someone. Yay, that was meaningless.
I also enjoy how the tar had a file called "scam." Shows the generation gap in what used to be in a swiss army tar. Bot nets and things of that nature aren't fully utilized to terrorize the infected and targets! They can be used to click ads, send emails, give website hits; oh endless possibilities for MONEY.
A script kiddie [1] hacks into a computer and goes out of its way to demonstrate its ignorance by doing stupid things like downloading a file, but being unable to locate it or downloading Windows Service Pack on what seems to be a *nix system.
Luckily, the hacked computer wasn't a real computer but a honey pot [2] and everything the script kiddie does is recorded for our amusement.
It's a bit like watching a bank robber sporting a big gun without knowing which way to point it.
A script kiddie got SSH access to this honeypot (system set up to catch this type of activity and log it). He then attempted to download and run various rootkits/hacks/flooders/whatever. He repeatedly tried to change to a non-existent directory, run perl (which wasn't installed), and downloaded a Windows update (pointless on a non-Windows system).
To summarize, a wannabe hacker got access to a system and didn't know what to do.
'cd ". "' is valid; it means "set the current directory to the one named [dot][space]".
I assumed it was something he'd seen as a way to sort-of conceal a directory, since it's both hidden and looks a lot like the [dot] directory that you'd expect to find everywhere.
Actually, you guys are both right. Speaking from experience (administrator at a popular webhosting company), he likely has a lot of his rootkits macroed, so he can just log in to the box, alt+1 (or whatever he has his macro set to) and then pop out. When the macros fail, he demonstrates his lack of actual knowledge of *nix systems and starts acting erratically.
Still, this leaves you wondering how someone with such little knowledge of even the most basic Linux commands could ssh in there in the first place. Any idea?
Or a disguised-kiddie which gets very cleverly in but then does very stupid things in order to get caught and get a couple of things:
1. Get others involved by leaving fake tracks.
2. Distract attention.
3. Make you think your honey pot is doing right while some other heavy duty scripts are running on the 'right' direction.
There are tons of brute force ssh bots. All they do is try every password in their password list. If you want to see one, search for brute force ssh bot on YouTube and watch script kiddies teach other script kiddies how to use them.