Carolyn P. Meinel Hall of Shame
Technical Wonder: Unix Guru


[My witty comments in brackets. Only relevant parts of this
 history are quoted. And despite her claims, I have 
 more than sufficient reason to believe it is real. This
 should show a general lack of familiarity with the Unix
 operating system.]

From anon@anon.efga.org Fri Nov 21 02:49:04 1997
Date: Thu, 20 Nov 1997 14:54:23 -0500
From: Anonymous 
Reply-To: hh-chat@lists.secureservers.net
To: hh-chat@gateway-e.secureservers.net

For your enlightenment and amusement I present:
 
Carolyn P. Meinel's .bash_history!

--

cd bin
cd convfont

[convfont is a binary, not a directory. This is the same
 as someone typing "cd readme.txt".]

ls
ls c*

["lets look at all files that start with 'c'.. oh.. 'convfont' 
  isn't a directory"]

cd usr
ls
cd bin
cd convfont

["maybe it will work this time! Didn't work the first time, but
  it might this time!"]

ls
ls con*
ls co*

["wow.. lets look at it AGAIN.. its still not a directory"]

ln -s /etc/shadow /tmp/dummy.dip
cd etc
ls
cd shadow

[lets cd into 'shadow'. Just like above, you can only "cd" 
 into directories, not files.]

ls sha*

["lets check to see what it is.. oh yeah, its a regular file"]

/sbin/dip -v /tmp/dummy.dip
ln -s /etc.shadow /tmp/dummy.dip

[oops.. etc.shadow .., if we put the directory and file name
 correctly, it might work.]

su +username
su -- -username

[too literal there...the man pages or help files tell you to
 "su -username" where "username" is a valid account on the
 system.]

cd ..
pwd
who
mail from
mail from: nogo@nogood.com
quit
cd ..

[this from someone who only talks about forging email headers..
 she doesn't even understand the syntax of the most basic of 
 mail programs.]

who
ps
ps -la
#/usr/bin/suidperl -U
>=0;
$<=0; $<=0;
>=0; $<=0;
exec("bin/sh:);
ls

[almost got that suidperl exploit to work! Course, could have
 checked to see if it was SUID to begin with. Before typing all
 this in, you can do a quick check to see if it will work.]

who
cat /etc/passwd
export RESOLV_HOST_CONF=
cat /etc/shadow
cd /var/log

[Doh! You don't redirect the file into the variable...The idea
 here is to set the variable to the file name, not dump the contents
 of the file into the variable.]

who
finger root
users
who
tin
finger @shellonly.com
netstat

[She never could figure out where this history came from,
 but it spells it out quite nicely.]

who
talk campress
man tin
kill man tin

[Kill by job number or PID... not name. When doing process control,
 it is by a unique NUMBER that the system uses, not the NAME of the
 command.]

fg man tin
jobs
kill 1

["ahh, this works"]

ps man tin

[and she reverts...]

elm
pine
telnet space.honeywell.com
finger rlogan@space.honeywell.com
finger rlogan@honeywell.com
nslookup honeywell.com
whois rlogan@space.honeywell.com
lynx http://www.honeywell.com
finger info-fl51@space.honeywell.com
telnet space.honeywell.com

[Now... I wonder if this helps verify the validty of the history. Should we
 go into detail about Carolyn trying to obtain a consulting contract 
 at a certain company?]

whois honeywell.com
finger rlogan@space.honeywell.com
finger rlogan@129.239.26.10
finger rlogan@129.30.3.16
finger rlogan@129.17.254.12
pine
telnet 36.26.0.172
finger boeing.com
finger @boeing.com
finger @www.boeing.com

[*gasp*.. she wouldn't be poking at their competitors would she?
 I think the term here is "industrial espionage".]

tin
tin -r news.lobo.net
telnet obscure.sekurity.org 22

[Probing my system.. she showed that she didn't know what port 22 was,
 then tried to recover by saying she knew all along. Now we see her using
 telnet to access the SSH port which doesn't work at all.]

who
finger @
set prompt = Howdy, haxor buddy!
set prompt = 'Howdy, haxor buddy!'

[Can we say cheezball?]

set |more
set prompt
set prompt = 'hax0rch1ck:)'

[This will make me ill..]

whois happyhacker.org
whois happyhacker.com
telnet escape.com 79
nslookup phuck.com
nslookup phuck.net
dig netral.
nslookup netral.
whois  208.128.37.4
nslookup phuck.net.
nslookup ljusdal.se
dig ljusdal.se
dig phuch.net
dig phuck.net
help dig
man dig
whois dimensional.com

[And my upstream... why would she be interested in my upstream?
 That was not part of my challenge for her to hack my system..]

traceroute obscure.sekurity.org
finger krees@downeast.net
telnet downeast.net 79
whois downeast.net
traceroute downeast.net
finger krees@alter.net
finger krees@137.39.13.237
finger krees@204.176.212.1
telnet 204.176.212.1 79
finger krees@208.128.23.61
nslookup 204.176.212.1
nslookup 204.176.212.2
dig 204.176.212.1
nslookup 204.176.212.
nslookup 204.176.212.10
traceroute sekurity.org
lynx http://www.asmodeus.com
whois asmodeus.com
traceroute  ipt-q1.proxy.aol.com
lynx http://204.188.52.99
exit
pine
pico worm.tar

[Editing a tar file?! Thats like loading a program or zip file
 into notepad.]

ftp ftp://obscure.sekurity.org

[Hitting my server again..]