- - 什么虚拟机不可以。。。 2015-07-29 9:59 GMT+08:00 Charlie Brown <[email protected]>:
> 恩,有道理,我不知道vmware可以这样呢。 > 我觉得他们是找个理由放弃吧,反正他们马上也不用那个机器,两天就准备删了回(女朋友)家了……所以……呀……祝他们幸福啊 > Sincerely, > 王文鑫 > Wenxin Wang > Department of Electronic Engineering, > Tsinghua University, > Beijing 100084, P. R. China > (+86)18811369901 > Email:[email protected] > > > 2015-07-29 9:55 GMT+08:00 惠轶群 <[email protected]>: > > 简单啊。。直接找个livecd启动就可以了。。 > > > > 2015-07-29 9:47 GMT+08:00 Charlie Brown <[email protected]>: > >> > >> 日志……现在不知道怎么弄出来呢他们。 > >> single模式貌似网卡不能开,vmware的控制台,不知道是他们不会用还是怎样,连屏幕上复制都做不到…… > >> > >> Sincerely, > >> 王文鑫 > >> Wenxin Wang > >> Department of Electronic Engineering, > >> Tsinghua University, > >> Beijing 100084, P. R. China > >> (+86)18811369901 > >> Email:[email protected] > >> > >> > >> 2015-07-28 20:06 GMT+08:00 Christopher Meng <[email protected]>: > >> > On Tue, Jul 28, 2015 at 4:05 PM, Charlie Brown <[email protected]> > >> > wrote: > >> >> 实验室有个机器坏了,他们怀疑是被黑了,因为ip访问有从埃及来用git登录的。可以认为0防护,而且密码超简单。 > >> > > >> > 你说的 git 登录是什么意思? > >> > > >> >> 那个机器,动态链接的程序都可以执行,静态链接的全挂了(我试了df, > >> >> grep。通过ldd确认是静态链接的)(他图形界面都能起来,动态链接的应该都没问题)。 > >> >> 当然,也有可能是有选择性地毁坏了一些binary。不过bash可以起(是动态链接的),我觉得要黑应该把bash也挂掉吧。 > >> > > >> > bash 当然不会挂掉的 ( ͡° ͜ʖ ͡°) > >> > > >> >> ----------------------------比如readelf -a > >> >> grep------------------------------------ > >> >> readelf: Error: Section headers are not available! > >> >> > >> >> > ------------------------------------------------------------------------------------------- > >> >> > >> >> 有人见过类似的事情吗? > >> > > >> > 入口点被破坏了... > >> > > >> > 你们如果能把系统 dump 出来留给我日后研究也可以(虚拟机?真机?)...分析最好从网络连接入手,不过可能 netstat 或者 ss > >> > 也坏了(今年的好几个 APT 都是这么干的)... > >> > > >> > -- > >> > > >> > Yours sincerely, > >> > Christopher Meng > >> > > >> > http://cicku.me > >> > > >> > -- > >> > > >> > --- > >> > You received this message because you are subscribed to a topic in the > >> > Google Groups "TUNA 主邮件列表" group. > >> > To unsubscribe from this topic, visit > >> > > https://groups.google.com/d/topic/tuna-general/yKjOQIr0HXA/unsubscribe. > >> > To unsubscribe from this group and all its topics, send an email to > >> > [email protected]. > >> > To post to this group, send email to [email protected]. > >> > For more options, visit https://groups.google.com/d/optout. > >> > >> -- > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "TUNA 主邮件列表" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> To post to this group, send email to [email protected]. > >> For more options, visit https://groups.google.com/d/optout. > > > > > > -- > > > > --- > > You received this message because you are subscribed to a topic in the > > Google Groups "TUNA 主邮件列表" group. > > To unsubscribe from this topic, visit > > https://groups.google.com/d/topic/tuna-general/yKjOQIr0HXA/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > > [email protected]. > > To post to this group, send email to [email protected]. > > For more options, visit https://groups.google.com/d/optout. > > -- > > --- > You received this message because you are subscribed to the Google Groups > "TUNA 主邮件列表" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
