LinuxQuestions.org

poboy 08-14-2004 12:50 AM

How can i overwrite /sbin/init?
 
First I got this problem with printing: every time I print, nothing comes out, so I decided to shut down Linux (shutdown -h now). But it won't shut down; it says something like error in printing... FUCK : I've got signal 11. So I was forced to push the power button, hoping it would be okay after a restart. But something went wrong; it can boot it says recovering or checking memory ### : okay. So I thought I had a memory problem and decided to check the memory, and it seems okay. I've read somewhere that maybe the /sbin/init has been hacked or corrupted. So I tried to use linux rescue (redhat 7.1). Then I used these commands to log in: mount -t ext2 /dev/sda7 /tempdir, chroot /tempdir, su. So I'm IN. Then I tried to copy the original init to a floppy drive using mcopy, then used the mv command to move the init file to another directory. I got permission denied. So I used the rm command to delete the file, and then I got this segmentation error. I tried using the cp command too, but still to no avail. Is there anybody who could help me overwrite the old init? I'm very frustrated and desperate. Help, pls help.

thanks

ToniT 08-14-2004 12:58 AM

Sounds like a hardware failure, probably memory. cp shouldn't segfault spontaneously.

unSpawn 08-28-2004 08:29 AM

Quote:

Sounds like a hardware failure, probably memory. cp shouldn't segfault spontaneously.

The line " FUCK : I've got signal 11" is typical for SuckIT rootkit's /sbin/init. BTW, the line should read something like "FUCK: I've got signal 11 while manipulating the kernel", which kinda shows how important it is to post correct and full errors.
Poboy, if this box is still connected to the 'net, disconnect it. From another box read the typical "help, I got hacked" posts in the Linux - Security forum about how to mop up. Else ask for the thread to be moved to that forum. Please check out the LQ FAQ: Security references, part #1: "Compromise, breach of security, detection".

Crunch 08-28-2004 08:40 AM

Well, you probably cannot execute init since it is not executable... well to my knowledge that is. I thought init was loaded at boot time. That's your one process that should always be running.

Edit/Note: Permissions on my OpenBSD box (this may vary for yours though) show...
Quote:

-r-x------ 1 root bin
This might help a little bit, to check yours just ls -l the file.
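
Added example (not part of any post in this thread): a read-only check, run from the rescue environment against the mounted filesystem without chroot so that nothing on the suspect disk is executed, which looks inside an init binary for the message unSpawn quotes and lists its permissions as Crunch suggests. The function name scan_init and the script name scan_init.sh are hypothetical; /tempdir is the mount point from the original post.

```shell
#!/bin/sh
# Added example. Read-only: the file is scanned, never executed.
# Pattern allows the optional space before the colon seen in the first post.
MARKER="FUCK ?: I've got signal [0-9]+"

# scan_init FILE
# Returns 0 if the marker is present, 1 if not, 2 if FILE is unreadable.
scan_init() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "cannot read: $f" >&2
        return 2
    fi
    # Mode and owner, the check Crunch suggests (ls -l the file).
    ls -l "$f"
    # Split the binary into printable runs, then keep runs holding the marker,
    # so the complete message is printed, not a fragment.
    hits=$(LC_ALL=C tr -c '[:print:]' '\n' < "$f" | grep -E "$MARKER" | sort -u)
    if [ -n "$hits" ]; then
        echo "MARKER FOUND in $f:"
        echo "$hits"
        return 0
    fi
    # Absence of the string does not show the file is clean.
    echo "marker not found in $f"
    return 1
}

# Usage: sh scan_init.sh /tempdir/sbin/init   (mounted, not chrooted)
for path in "$@"; do
    scan_init "$path" || true
done
```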

