
Re: [cobalt-users] [RaQ XTR] root pwd stolen, web services down,lost control over machine



I know this is late, but it may still be of some help.

You can pull the XTR down, remove the drive, and, possibly, remove the
password shadow file while it (the removed drive) is installed and mounted
in another Linux box.  If all else fails, it may be a fine way to tar up the
sites and put them back after a restore operation.  I would suggest this
before hitting the restore CD.

My late offering.

Bill
----- Original Message -----
From: "Etienne Antoniutti Di Muro" <etienne@xxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, June 15, 2001 2:25 AM
Subject: [cobalt-users] [RaQ XTR] root pwd stolen, web services down,lost
control over machine


> Dear list members,
> this is my first message posted, so Hi everybody !!
> As my experience with the XTR increases, I hope to be of help, as
> well.
>
>
> Someone hacked my RaQ XTR.
>
> Results:
> 1- root pwd stolen, I have no more control over the appliance;
> 2- can't change any pwd with 'passwd' in a telnet session, even admin's
> after a regular login!!!; (maybe password and shadow files corrupted
> ???)
> 3- web server is not working ==>> no more browser interface to set up
> services;
> 4- log files (ie 'last' output) deleted
> 5- launching 'man' command it replies with "THE TERMINAL IS NOT
> WORKINGPROPERLY"
> 6- found a "cocaine.c" file at '/' level in the filesystem
>
> a pretty mess, uh?!!
>
> I've tried to reset admin password from the LCD console, but no luck,
> 'passwd' command is not working, yet and at the moment the server has no
> admin password
> I'm going to try with some cracking software to get through and get the
> root back.
>
>
> Isn't there a way to restore the machine with factory defaults, and
> clean up filesystem and restart all services, properly ??
>
> any idea ???
>
> tnx in advance
> etienne
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>