From owner-freebsd-security  Thu Aug 23  3:14:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from arpa.com (arpa.com [199.245.173.5])
	by hub.freebsd.org (Postfix) with ESMTP id EDCD237B407
	for <security@freebsd.org>; Thu, 23 Aug 2001 03:14:33 -0700 (PDT)
	(envelope-from wd@arpa.com)
Received: by arpa.com (Postfix, from userid 1004)
	id EFCFABB67; Thu, 23 Aug 2001 06:14:32 -0400 (EDT)
Date: Thu, 23 Aug 2001 06:14:32 -0400
From: Chip Norkus <wd@arpa.com>
To: Stefanos Kiakas <stefanos@e-scape.net>
Cc: security@freebsd.org
Subject: Re: Compromised system.
Message-ID: <20010823061432.C70948@anduril.org>
References: <200108231554.LAA96346@corp.e-scape.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200108231554.LAA96346@corp.e-scape.net>; from stefanos@e-scape.net on Thu, Aug 23, 2001 at 11:54:30AM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu Aug 23, 2001; 11:54AM -0400 Stefanos Kiakas used 1.0K bytes of bandwidth to send the following:
> 
[snip]
> total 23
> drwxrwxrwt   3 root    wheel  512 Aug 23 16:39 .
> drwxr-xr-x   2 root    wheel  512 Aug  3 11:48 .  
> drwxr-xr-x  20 root    wheel  512 Apr  4 04:46 ..
> 
> How do I access the second . directory to see what
> is in it? I have tried everything I can thing of but
> I cannot list any of the contents.
> 

This is, of course, only a guess, but there may be strange things like
terminal codes (or even a space after the name) in that file's name, in
/tmp, you might want to do:
ls -Ba /tmp

You'll then need to decode the output.

Alternatively, after chucking out everything else in tmp, you might try:
cd *.
cd .*
cd *.*

(until one of them works)

> Please cc me at stefanos@e-scape.net.
> 

Good luck!

> Thank you,
> 
> Stefanos Kiakas
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-wd
-- 
chip norkus(rl); white_dragon('net');      wd@arpa.com
"That's Tron.  He fights for the users."   http://telekinesis.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message