Case #1 (2 of 3): Collecting Companies
0015: Acquires password file using SGI webdist vulnerability.
Passwords are not shadowed so the encrypted password is in
captured file. (httpd access_log)
0018: Logs into irix2 as user wlee. wlee’s password was easily
crackable using crack 5 program with captured password file.
0021: Transfers bnc.tar.gz to wlee’s home directory. Unpacks file
and renames bnc as “-tcsh”. Runs “-tcsh”
0023: User at peter.siu.edu receives a chat message from
email@example.com indicating that he broke into