Re: [cobalt-users] [RaQ XTR] root pwd stolen, web services down,lost control over machine
- Subject: Re: [cobalt-users] [RaQ XTR] root pwd stolen, web services down,lost control over machine
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Thu Jun 14 19:04:51 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 15 Jun 2001, Etienne Antoniutti Di Muro wrote:
> Dear list members,
> this is my first message posted, so Hi everybody !!
> As my experience with the XTR increases, I hope to be of help, as
> well.
>
>
> Someone hacked my RaQ XTR.
>
> Results:
> 1- root pwd stolen, I have no more control over the appliance;
> 2- can't change any pwd with 'passwd' in a telnet session, even admin's
> after a regular login!!!; (maybe password and shadow files corrupted
> ???)
> 3- web server is not working ==>> no more browser interface to set up
> services;
> 4- log files (ie 'last' output) deleted
> 5- launching 'man' command it replies with "THE TERMINAL IS NOT
> WORKINGPROPERLY"
> 6- found a "cocaine.c" file at '/' level in the filesystem
>
> a pretty mess, uh?!!
>
> I've tried to reset admin password from the LCD console, but no luck,
> 'passwd' command is not working, yet and at the moment the server has no
> admin password
> I'm going to try with some cracking software to get through and get the
> root back.
>
>
> Isn't there a way to restore the machine with factory defaults, and
> clean up filesystem and restart all services, properly ??
>
> any idea ???
>
Yes, there is. Search the list archives for "Restore CD".
- shimi