[sclug] Adore root kit

David Given dg at cowlark.com
Fri May 27 10:31:29 UTC 2005


On Friday 27 May 2005 09:56, David Herring wrote:
[...]
> Anyhow, server will be re-installed. But prior to getting to docklands,
> is there any way I can gain back a root account? I can log in as a user
> account - can see the adore root kit which has been installed, etc. If
> anyone thinks they 'become' root on such a system, then please let me know.

Remotely? I'm not sure (you could always use a root kit...). The normal thing 
to do is to boot into single-user mode, which you need to be local for. As 
Jon said, it's easiest to get a technician to do it, although if you have a 
remote serial console, you might be able to do something that way.

Incidentally, I'm sure you already know this, but it's worth reiterating: now 
the machine's been compromised, it should be taken off-line as soon as 
possible! It'll probably be part of some botnet. And you don't want that. 
(You may even be liable for any damage done, now that you know it's been 
compromised.)

-- 
+- David Given --McQ-+ 
|  dg at cowlark.com    | "I have a mind like a steel trap. It's rusty and
| (dg at tao-group.com) | full of dead mice." --- Anonymous, on rasfc
+- www.cowlark.com --+ 

