I need help after hacking - Debian



  1. I need help after hacking

    Hi,

    I have been hacked, and on some files such
    as /bin/ls /usr/bin/top /usr/bin/find /usr/bin/pstree /usr/bin/md5sum
    /usr/sbin/lsof /bin/ps and /bin/netstat root has no permission to replace
    them.
    I have tried to create a user with the userid and groupid of the owner in
    order to change it to root.root, but I can't change the ownership.

    Do you have any ideas about this problem?

    Thanks in advance
    --
    http://pronux.org

  2. Re: I need help after hacking

    MazeSloup wrote:
    > Hi,
    >
    > I have been hacked, and on some files such
    > as /bin/ls /usr/bin/top /usr/bin/find /usr/bin/pstree /usr/bin/md5sum
    > /usr/sbin/lsof /bin/ps and /bin/netstat root has no permission to replace
    > them.
    > I have tried to create a user with the userid and groupid of the owner in
    > order to change it to root.root, but I can't change the ownership.
    >
    > Do you have any ideas about this problem?


    The only thing I know is running a live-CD and mounting the file system
    on the harddrive so as to work on it. I'm guessing the chown and chmod
    tools are also cracked.

    --
    Ed Hurst
    ------------
    return addy is spam trap
    try je hurst at gmail dot com

  3. Re: I need help after hacking

    Bill Marcum wrote:

    > On Tue, 07 Feb 2006 13:40:31 +0100, MazeSloup
    > wrote:
    >> Hi,
    >>
    >> I have been hacked, and on some files such
    >> as /bin/ls /usr/bin/top /usr/bin/find /usr/bin/pstree /usr/bin/md5sum
    >> /usr/sbin/lsof /bin/ps and /bin/netstat root has no permission to
    >> replace them.
    >> I have tried to create a user with the userid and groupid of the owner in
    >> order to change it to root.root, but I can't change the ownership.
    >>
    >> Do you have any ideas about this problem?
    >>
    >> Thanks in advance

    >
    > The chmod and chown commands may have been tampered with, or the files
    > may have been given the "immutable" attribute. man lsattr; man chattr.
    > In any event, the safest thing to do is to reinstall the operating
    > system and apply all the latest security updates.
    >
    >

    Hi,

    Finally I have re-installed the OS because I don't know how many
    files have been infected. In fact the problem came from a web site
    with security problems...
    For your information, with a live CD I couldn't replace the files with
    others: always "Access denied".

    Thanks to all for your comments

    BR
    --
    http://pronux.org

  4. Re: I need help after hacking

    On Thu, 09 Feb 2006 08:20:30 +0100, MazeSloup wrote:

    > For your information, with a live CD I couldn't replace the files with
    > others: always "Access denied".


    Then you need to do something differently. With a liveCD like Knoppix or
    SystemRescueCD you can do practically anything to an installed system.

    --
    mark south: world citizen, net denizen
    echo znexfbhgu2000@lnubb.pb.hx|tr a-z n-za-m
    "Take it? I can't even parse it!" - Kibo, in ARK


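The check the replies point to (`lsattr`, run with a live CD's own tools against the mounted disk), as an added example that is not part of the original thread. It assumes the installed system's root is mounted at `/mnt`; the function names and the sample `lsattr` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Boot a live CD, mount the installed
# root (assumed here at /mnt) and use the live CD's lsattr, since the
# installed system's own tools may have been replaced.

# The binaries named in the original post, relative to the mounted root.
SUSPECT="bin/ls usr/bin/top usr/bin/find usr/bin/pstree usr/bin/md5sum
usr/sbin/lsof bin/ps bin/netstat"

# Read lsattr output ("<flags> <path>") on stdin and report every file that
# carries the immutable (i) or append-only (a) attribute. Either one makes
# chown, chmod, rm and overwrite fail with a permission error, even for root.
flagged() {
    while read -r flags path; do
        case "$flags" in *i*) echo "immutable $path" ;; esac
        case "$flags" in *a*) echo "append-only $path" ;; esac
    done
}

# Run lsattr on each suspect binary under the mounted root and filter it.
scan_root() {
    root=${1:-/mnt}
    for f in $SUSPECT; do
        [ -e "$root/$f" ] && lsattr -d "$root/$f" 2>/dev/null
    done | flagged
}

# Constructed sample of lsattr output, for trying flagged() without a disk.
sample_lsattr() {
cat <<'EOF'
----i--------e-- /mnt/bin/ls
-------------e-- /mnt/bin/cat
-----a-------e-- /mnt/usr/bin/top
EOF
}

# Usage: sh check-attrs.sh /mnt   (the script name is a placeholder)
if [ $# -gt 0 ]; then scan_root "$1"; fi
```

A flagged file can be made writable again with `chattr -i -a FILE` from the live CD, but that only explains the permission errors; it does not tell you what else was changed on the system.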