Date: Tue, 25 Jun 1996 14:43:37 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: alk@Think.COM (Tony Kimball) Cc: jbhunt@mercury.gaianet.net, hackers@FreeBSD.ORG Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <199606252143.OAA00994@phaeton.artisoft.com> In-Reply-To: <199606252116.QAA20467@compound.Think.COM> from "Tony Kimball" at Jun 25, 96 04:16:45 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> I suggest inducing the user to repeat her exploit. Take the system > down. Wipe the user's directory. Bring it up, with a motd reporting > a disk crash, and partial restoration. Log everything the user does. > > Or, you might just *ask*. Most folks who hack a random ISP system do > it for fun, and love to brag about it. rcp preserves suid/sgid on the target system. Now look for a writeable sticky directory... Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606252143.OAA00994>