Case #1 (2 of 3): Collecting Companies
0015: Acquires password file using SGI webdist vulnerability.
Passwords are not shadowed, so the encrypted passwords are in the
captured file. (httpd access_log)
0018: Logs into irix2 as user wlee. wlee’s password was easily
crackable using the Crack 5 program with the captured password file.
(wtmpx log)
0021: Transfers bnc.tar.gz to wlee’s home directory. Unpacks the file
and renames bnc as “-tcsh”. Runs “-tcsh”.
0023: User at peter.siu.edu receives a chat message from
shadow@irix2.ames.nasa.gov indicating that he broke into
NASA.