From osiris99@postmaster.co.uk Fri Jun 22 08:48:43 2001
Date: Mon, 18 Jun 2001 21:31:41 +0100
From: Osiris Jones
To: project@honeynet.org
Subject: Scan of the month - June

Well arse :(

This looked kinda cool, so thought I'd take quick look to see what solaris type things were about. Literally the 1st results from newsgroups:

http://groups.google.com/groups?q=solaris+rootkit&hl=en&lr=&safe=off&rnum=1&ic=1&selm=tPLT6.31%244Y4.88875%40news.uswest.net

So prob solved in 10 seconds - gutted :(

Just to prove, something file decoded is:

----------------------------------------------------
[file]
find=/dev/pts/01/bin/find
du=/dev/pts/01/bin/du
ls=/dev/pts/01/bin/ls
file_filters=01,lblibps.so,sn.l,prom,cleaner,dos,uconf.inv,psbnc,lpacct,USER
[ps]
ps=/dev/pts/01/bin/psr
ps_filters=lpq,lpsched,sh1t,psr,sshd2,lpset,lpacct,bnclp,lpsys
lsof_filters=lp,uconf.inv,psniff,psr,:13000,:25000,:6668,:6667,/dev/pts/01,sn.l,prom,lsof,psbnc
[netstat]
netstat=/dev/pts/01/bin/netstat
net_filters=47018,6668
[login]
su_loc=/dev/pts/01/bin/su
ping=/dev/pts/01/bin/ping
passwd=/dev/pts/01/bin/passwd
shell=/bin/sh
su_pass=l33th4x0r
----------------------------------------------------

All I wanted was some idea of what was out there :(

I know I technically haven't actually answered the challenge questions, but it seems academic now.

Honeynet site still rocks tho, a top favourite! Nearly had forensic challenge all done too, just never got round to finishing it.

Look forward to more :)

Os
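
An added example, not part of the original message: a small parser that turns the decoded configuration quoted above into indicators a responder can check with known-good tools. It assumes the `*_filters` keys list what the replaced binaries hide and that every other key is a file path (the message itself does not say this); the function names are hypothetical.

```python
import re

# Config text copied from the message above ([login] section left out).
CONFIG = """\
[file]
find=/dev/pts/01/bin/find
du=/dev/pts/01/bin/du
ls=/dev/pts/01/bin/ls
file_filters=01,lblibps.so,sn.l,prom,cleaner,dos,uconf.inv,psbnc,lpacct,USER
[ps]
ps=/dev/pts/01/bin/psr
ps_filters=lpq,lpsched,sh1t,psr,sshd2,lpset,lpacct,bnclp,lpsys
lsof_filters=lp,uconf.inv,psniff,psr,:13000,:25000,:6668,:6667,/dev/pts/01,sn.l,prom,lsof,psbnc
[netstat]
netstat=/dev/pts/01/bin/netstat
net_filters=47018,6668
"""

def parse_config(text):
    """Parse the INI-like text into {section: {key: value}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key] = value
    return sections

def indicators(sections):
    """Sort config values into paths, ports and hidden names (assumed semantics)."""
    out = {"paths": set(), "ports": set(), "names": set()}
    for keys in sections.values():
        for key, value in keys.items():
            if not key.endswith("_filters"):
                out["paths"].add(value)          # assumed: path of a stashed binary
                continue
            for item in filter(None, value.split(",")):
                if key == "net_filters" or item.startswith(":"):
                    out["ports"].add(int(item.lstrip(":")))
                elif item.startswith("/"):
                    out["paths"].add(item)
                else:
                    out["names"].add(item)       # file/process name to hunt for
    return out

if __name__ == "__main__":
    print(indicators(parse_config(CONFIG)))
```

Note that `01` in `file_filters` is kept as a name rather than read as port 1, since only `net_filters` entries and `:`-prefixed items are treated as ports.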