恩,有道理,我不知道vmware可以这样呢。 我觉得他们是找个理由放弃吧,反正他们马上也不用那个机器,两天就准备删了回(女朋友)家了……所以……呀……祝他们幸福啊 Sincerely, 王文鑫 Wenxin Wang Department of Electronic Engineering, Tsinghua University, Beijing 100084, P. R. China (+86)18811369901 Email:[email protected]
2015-07-29 9:55 GMT+08:00 惠轶群 <[email protected]>: > 简单啊。。直接找个livecd启动就可以了。。 > > 2015-07-29 9:47 GMT+08:00 Charlie Brown <[email protected]>: >> >> 日志……现在不知道怎么弄出来呢他们。 >> single模式貌似网卡不能开,vmware的控制台,不知道是他们不会用还是怎样,连屏幕上复制都做不到…… >> >> Sincerely, >> 王文鑫 >> Wenxin Wang >> Department of Electronic Engineering, >> Tsinghua University, >> Beijing 100084, P. R. China >> (+86)18811369901 >> Email:[email protected] >> >> >> 2015-07-28 20:06 GMT+08:00 Christopher Meng <[email protected]>: >> > On Tue, Jul 28, 2015 at 4:05 PM, Charlie Brown <[email protected]> >> > wrote: >> >> 实验室有个机器坏了,他们怀疑是被黑了,因为ip访问有从埃及来用git登录的。可以认为0防护,而且密码超简单。 >> > >> > 你说的 git 登录是什么意思? >> > >> >> 那个机器,动态链接的程序都可以执行,静态链接的全挂了(我试了df, >> >> grep。通过ldd确认是静态链接的)(他图形界面都能起来,动态链接的应该都没问题)。 >> >> 当然,也有可能是有选择性地毁坏了一些binary。不过bash可以起(是动态链接的),我觉得要黑应该把bash也挂掉吧。 >> > >> > bash 当然不会挂掉的 ( ͡° ͜ʖ ͡°) >> > >> >> ----------------------------比如readelf -a >> >> grep------------------------------------ >> >> readelf: Error: Section headers are not available! >> >> >> >> ------------------------------------------------------------------------------------------- >> >> >> >> 有人见过类似的事情吗? >> > >> > 入口点被破坏了... >> > >> > 你们如果能把系统 dump 出来留给我日后研究也可以(虚拟机?真机?)...分析最好从网络连接入手,不过可能 netstat 或者 ss >> > 也坏了(今年的好几个 APT 都是这么干的)... >> > >> > -- >> > >> > Yours sincerely, >> > Christopher Meng >> > >> > http://cicku.me >> > >> > -- >> > >> > --- >> > You received this message because you are subscribed to a topic in the >> > Google Groups "TUNA 主邮件列表" group. >> > To unsubscribe from this topic, visit >> > https://groups.google.com/d/topic/tuna-general/yKjOQIr0HXA/unsubscribe. >> > To unsubscribe from this group and all its topics, send an email to >> > [email protected]. >> > To post to this group, send email to [email protected]. >> > For more options, visit https://groups.google.com/d/optout. >> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "TUNA 主邮件列表" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. > > > -- > > --- > You received this message because you are subscribed to a topic in the > Google Groups "TUNA 主邮件列表" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/tuna-general/yKjOQIr0HXA/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
