Extend the Story - Add a Room

Honeynet Project SoTM by rbcarnett
Members of the Mexico Honeynet Project captured a unique attack. As common, what is interesting is not how the attackers broke in, but what they did afterwards. Your mission is to analyze the network capture of the attacker's activity and decode the attacker's actions. There are two binary log files. Day1 captured the break in, Day3 captures some unique activity following the compromise. The honeypot in question is IP 192.168.100.28. Make sure you review the challenge criteria before submitting your writeup.

Questions:
What is the operating system of the honeypot? How did you determine that? (see day1)
FreeBSD
End Of Story

Variable Names & Values are required for a choice to show

Up to 350px x 350px, 50,000 byte file size limit
The owner of this story will be reviewing your submission before publication. Please confirm your spelling, punctuation, and adherence to any of the story owner's guidelines before submitting.