eve / root 21:38:49 (0) #mount -o ro,loop /var/tmp/honeynet/honeypot.hda8.dd /honey eve / root 21:38:55 (0) #cd /honey eve /honey root 21:38:59 (0) #ls -lart | tail drwxr-xr-x 4 root root 3072 Mar 15 05:18 lib/ drwxr-x--- 2 root root 1024 Mar 15 11:23 root/ drwxr-xr-x 2 root root 1024 Mar 15 11:23 floppy/ drwxr-xr-x 3 root root 3072 Mar 15 19:45 sbin/ drwxr-xr-x 6 root root 34816 Mar 15 19:45 dev/ drwxr-xr-x 2 root root 2048 Mar 15 19:45 bin/ drwxr-xr-x 29 root root 3072 Mar 15 19:45 etc/ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ./ drwxrwxrwt 3 root root 1024 Mar 16 08:48 tmp/ drwxr-xr-x 24 root root 4096 May 17 18:03 ../ eve /honey root 21:39:09 (0) #ls -lart tmp | tail total 9 -rw-r--r-- 1 root root 5682 Mar 15 05:19 install.log drwxrwxrwt 2 43 43 1024 Mar 15 11:22 .font-unix/ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ../ drwxrwxrwt 3 root root 1024 Mar 16 08:48 ./ eve /honey root 21:39:18 (0) #ls -lart etc | tail -rw-r--r-- 1 root root 63 Mar 15 11:22 issue.net -rw-r--r-- 1 root root 64 Mar 15 11:22 issue -rw-r--r-- 1 root root 962 Mar 15 11:28 syslog.conf -rw-r--r-- 1 root root 92 Mar 15 11:28 hosts -rw-r--r-- 1 root root 200 Mar 15 11:31 mtab -rw-r--r-- 1 root root 11407 Mar 15 19:45 services -rw-r--r-- 1 root root 3278 Mar 15 19:45 inetd.conf drwxr-xr-x 29 root root 3072 Mar 15 19:45 ./ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ../ -rw------- 1 root root 0 Mar 16 08:52 ftpaccess eve /honey root 21:39:27 (0) #ls -lart bin | tail lrwxrwxrwx 1 root root 8 Mar 15 05:17 nisdomainname -> hostname* lrwxrwxrwx 1 root root 8 Mar 15 05:17 domainname -> hostname* lrwxrwxrwx 1 root root 8 Mar 15 05:17 dnsdomainname -> hostname* lrwxrwxrwx 1 root root 3 Mar 15 05:18 gtar -> tar* lrwxrwxrwx 1 root root 2 Mar 15 05:19 view -> vi* lrwxrwxrwx 1 root root 2 Mar 15 05:19 rview -> vi* lrwxrwxrwx 1 root root 2 Mar 15 05:19 rvi -> vi* lrwxrwxrwx 1 root root 2 Mar 15 05:19 ex -> vi* drwxr-xr-x 2 root root 2048 Mar 15 19:45 ./ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ../ eve /honey root 21:40:15 (0) #ls -lart sbin | tail lrwxrwxrwx 1 root root 7 Mar 15 05:18 quotaoff -> quotaon* lrwxrwxrwx 1 root root 9 Mar 15 05:18 raidstop -> raidstart* lrwxrwxrwx 1 root root 9 Mar 15 05:18 raidhotremove -> raidstart* lrwxrwxrwx 1 root root 9 Mar 15 05:18 raidhotadd -> raidstart* lrwxrwxrwx 1 root root 6 Mar 15 05:18 raid0run -> mkraid* lrwxrwxrwx 1 root root 17 Mar 15 05:18 mount.smbfs -> /usr/bin/smbmount* lrwxrwxrwx 1 root root 17 Mar 15 05:18 mount.smb -> /usr/bin/smbmount* lrwxrwxrwx 1 root root 7 Mar 15 05:19 clock -> hwclock* drwxr-xr-x 3 root root 3072 Mar 15 19:45 ./ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ../ eve /honey root 21:40:42 (0) #ls -lart dev | tail crw------- 1 root root 4, 4 Mar 15 11:23 tty4 crw------- 1 root root 4, 3 Mar 15 11:23 tty3 crw------- 1 root root 4, 2 Mar 15 11:23 tty2 crw------- 1 root root 4, 1 Mar 15 11:34 tty1 -rw-r--r-- 1 root root 71 Mar 15 19:45 rpm -rw-r--r-- 1 root root 87 Mar 15 19:45 last drwxrwxr-x 4 root root 12288 Mar 15 19:45 ida/ drwxr-xr-x 6 root root 34816 Mar 15 19:45 ./ drwxr-xr-x 18 root root 1024 Mar 15 19:45 ../ crw-rw-rw- 1 root root 3, 0 Mar 16 08:52 ttyp0 eve /honey root 21:40:49 (0) #cd dev eve /honey/dev root 21:40:56 (0) #file rpm last rpm: ASCII test last: ASCII test eve /honey/dev root 21:41:09 (0) #cat rpm 3 sl2 3 sshdu 3 linsniffer 3 smurf 3 slice 3 mech 3 muh 3 bnc 3 psybnc eve /honey/dev root 21:41:12 (0) #cat last 1 193.231.139 1 213.154.137 1 193.254.34 3 48744 3 3666 3 31221 3 22546 4 48744 4 2222 eve /honey/dev root 21:41:13 (0) #ls -lart ida | tail brw-rw---- 1 root disk 74, 255 Apr 17 1999 c2d15p15 brw-rw---- 1 root disk 74, 254 Apr 17 1999 c2d15p14 brw-rw---- 1 root disk 74, 253 Apr 17 1999 c2d15p13 brw-rw---- 1 root disk 74, 252 Apr 17 1999 c2d15p12 brw-rw---- 1 root disk 74, 251 Apr 17 1999 c2d15p11 brw-rw---- 1 root disk 74, 250 Apr 17 1999 c2d15p10 drwxr-xr-x 6 root root 34816 Mar 15 19:45 ../ drwxrwxr-x 4 root root 12288 Mar 15 19:45 ./ drwxr-xr-x 2 root root 1024 Mar 15 19:45 .drag-on/ drwxr-xr-x 2 root root 1024 Mar 15 19:45 .. / eve /honey/dev root 21:41:30 (0) #cd ida eve /honey/dev/ida root 21:41:35 (0) #ls -lart .drag-on ".. " .drag-on: total 660 -rw------- 1 root root 540 Mar 15 19:45 ssh_host_key -rwx------ 1 root root 8268 Mar 15 19:45 sl2* -rwxr-xr-x 1 root root 4060 Mar 15 19:45 sense* -rw-r--r-- 1 root root 708 Mar 15 19:45 s -rwxr-xr-x 1 root root 632066 Mar 15 19:45 mkxfs* -rwx------ 1 root root 75 Mar 15 19:45 logclear* -rwx------ 1 root root 7165 Mar 15 19:45 linsniffer* drwxrwxr-x 4 root root 12288 Mar 15 19:45 ../ drwxr-xr-x 2 root root 1024 Mar 15 19:45 ./ -rw------- 1 root root 512 Mar 16 08:45 ssh_random_seed -rw-r--r-- 1 root root 138 Mar 16 10:28 tcp.log .. : total 659 -rwx------ 1 root root 8268 Mar 15 19:45 sl2* -rwxr-xr-x 1 root root 4060 Mar 15 19:45 sense* -rwx------ 1 root root 75 Mar 15 19:45 logclear* -rwx------ 1 root root 7165 Mar 15 19:45 linsniffer* drwxrwxr-x 4 root root 12288 Mar 15 19:45 ../ -rw-r--r-- 1 root root 0 Mar 15 19:45 tcp.log -rw------- 1 root root 512 Mar 15 19:45 ssh_random_seed -rw------- 1 root root 540 Mar 15 19:45 ssh_host_key -rw-r--r-- 1 root root 708 Mar 15 19:45 s -rwxr-xr-x 1 root root 632066 Mar 15 19:45 mkxfs* drwxr-xr-x 2 root root 1024 Mar 15 19:45 ./ eve /honey/dev/ida root 21:41:51 (0) #