LinuxQuestions.org
Old 12-18-2003, 08:17 PM   #1
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Rep: Reputation: 15
Big Time Problems Please Help, I'm Not A Noobie


Ok, I say I'm not a newbie, but I guess I am because I don't know what's going on...

Here's the basis of it:

Slackware Login: root
/dev/tux/backup/login: Bad address

So yeah. It won't let me log on.
It won't prompt me for a password; it just does that and goes right back to prompting me for a logon.
I have no other user accounts on this box; it is my server. I need it back up. Please help.

Please reply. I need help fast.

-Tom
 
Old 12-18-2003, 09:23 PM   #2
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
Hmm...so if you were to reboot the machine, you would still get the same? I know it sounds so Windows-ish, but I want to understand and start from the same point you are.
 
Old 12-18-2003, 09:53 PM   #3
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Original Poster
Rep: Reputation: 15
Yes, I rebooted like 15 times and still the same thing.
 
Old 12-18-2003, 10:01 PM   #4
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
Tux kit? Sun iso image?
 
Old 12-18-2003, 10:03 PM   #5
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Original Poster
Rep: Reputation: 15
huh?
 
Old 12-18-2003, 10:06 PM   #6
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
Well, how long has this machine been up before this? If fresh, what medium? I have heard of this problem using a supposed "tux kit" and "sun image". Dunno...never used either, just asking.
 
Old 12-18-2003, 10:08 PM   #7
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Original Poster
Rep: Reputation: 15
Um, well, the server has been up for a while... like 3 or 4 months.

So I don't know. I was playing with Apache over SSH, then I went on the server to reboot it and I couldn't log back on.
 
Old 12-18-2003, 10:15 PM   #8
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
Hmmm...I would say to kill apache at start-up for now, but since you can't login...man, I don't know where to start. How about a linux boot disk password hacker...works on a SAM database, but not sure about your situation...let me see what I can find.
 
Old 12-18-2003, 10:17 PM   #9
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Original Poster
Rep: Reputation: 15
OK, thanks. It's weird though, because it won't even prompt me for the password.
 
Old 12-18-2003, 10:29 PM   #10
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
What does "linux single" give you at the lilo prompt?
 
Old 12-19-2003, 03:31 AM   #11
djbanaan
Member
 
Registered: Aug 2003
Location: Haarlem, The Netherlands
Distribution: Slackware, FreeBSD
Posts: 178

Rep: Reputation: 30
I'm not sure on this, but I think the directory /dev/tux is part of some root-kit. So I'm afraid you've been hacked. You might try booting from FIRE and doing some testing on the system. Here's a link with some more information on the supposed root-kit: http://seclists.org/lists/incidents/2002/May/0006.html
Good luck with this.
 
Old 12-19-2003, 06:30 AM   #12
djbanaan
Member
 
Registered: Aug 2003
Location: Haarlem, The Netherlands
Distribution: Slackware, FreeBSD
Posts: 178

Rep: Reputation: 30
I did some additional research and I've come up with this document with an in-depth description of the 'tuxkit' root-kit. It clearly states that the mere existence of the dir /dev/tux indicates that tuxkit has been installed. The cracker appears to have done a poor job given the fact that his/her root-kit has disrupted the login handling. I have no clue, however, on how to remove the kit and the binaries it has installed. It's not even clear whether the installation of the kit has succeeded. Like I said in my previous post, you can use FIRE to do some forensics.
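
Added example, not part of the original thread: a shell function for checking a suspect root filesystem, mounted from rescue media, for the /dev/tux paths named in posts #1 and #12. It goes beyond the thread by also listing regular files under /dev for review; the function names, output labels, mount point and MAKEDEV exclusion are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Run from trusted rescue media against
# the suspect root filesystem mounted read-only, e.g. scan_dev /mnt/suspect
# (the mount point is an assumption).

# scan_dev ROOT
#   Prints "INDICATOR <path>" for the /dev/tux paths named in the thread and
#   "REVIEW <path>" for every regular file under ROOT/dev.
#   Returns 1 if an INDICATOR was found, 0 if none, 2 on bad input.
scan_dev() {
    [ -n "${1:-}" ] || { echo "usage: scan_dev <mounted-root>" >&2; return 2; }
    root=${1%/}
    [ -d "$root/dev" ] || { echo "no dev directory under $1" >&2; return 2; }
    hit=0
    # Paths taken from the thread: the directory, and the file in the error.
    for p in dev/tux dev/tux/backup/login; do
        if [ -e "$root/$p" ] || [ -L "$root/$p" ]; then
            echo "INDICATOR /$p"
            hit=1
        fi
    done
    # Heuristic beyond the thread: a static /dev holds device nodes, so
    # regular files there deserve a look. MAKEDEV* is skipped as an assumed
    # legitimate script; extend the exclusion for your distribution.
    find "$root/dev" -xdev -type f ! -name 'MAKEDEV*' 2>/dev/null |
    while IFS= read -r f; do
        rel=${f#"$root"/}
        echo "REVIEW /$rel"
    done
    return "$hit"
}

# make_sample_root: builds a constructed tree that mimics the paths above,
# for trying the function without a compromised disk. Prints its location.
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/dev/tux/backup"
    : > "$d/dev/tux/backup/login"
    : > "$d/dev/MAKEDEV"
    echo "$d"
}
```

A REVIEW line is a prompt to inspect the file, not a verdict; only the INDICATOR lines correspond to what the thread reports.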
 
Old 12-19-2003, 07:54 AM   #13
DaOne
Member
 
Registered: Jan 2003
Location: USA
Distribution: Slackware
Posts: 498

Rep: Reputation: 30
tuxkit...exactly. I remember reading about this some time ago, and well...I didn't even realize that it was as described. Good find djbanaan!
 
Old 12-19-2003, 03:10 PM   #14
SlackinMonkeee
Member
 
Registered: Aug 2003
Location: U S A
Distribution: Slackware 11.0
Posts: 30

Original Poster
Rep: Reputation: 15
Is tuxkit what I use to fix it?? Or is that what the script kiddie used to h4x me???

Is it bootable? I've read about FIRE and that's a bootable rootkit thing.
Someone help me and walk me through how I should go about this???
 
Old 12-19-2003, 03:31 PM   #15
cratos
Member
 
Registered: Feb 2003
Posts: 95

Rep: Reputation: 15
Have you tried a remote login? Maybe SSH or telnet? If you get to the login prompt your services should be started, unless it got hacked away.
 
  

