Post Hack Clean Up

  1. #1
    Junior Member
    Join Date
    Aug 2003

    Post Hack Clean Up

    Well, I'm attempting to recover a server that was massively compromised. The server is a Sun Solaris 8 box. They used the CDE vulnerability to get in. Closing the hole is easy, but they installed a root toolkit sol.tar.gz on the system and I can't seem to find a copy on the net or any information about how to remove it. Any help?

  2. #2
    Senior Member
    Join Date
    Jun 2003
    I would reinstall, if you want a copy to look at
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  3. #3
    Senior Member Wazz
    Join Date
    Apr 2003
    Your best bet is to reinstall. Once you're rooted, you'll never know if the kit was modified to backdoor files that you wouldn't be aware of by checking the source code of the original kit....
    "It is a shame that stupidity is not painful" - Anton LaVey
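    The point above is that a rooted box cannot vouch for its own binaries, so any integrity check has to be run from a clean boot (for example the install CD) against a baseline taken from trusted media, never from the compromised host. The following is an added example, not code from this thread or from Solaris; it builds a hash manifest from a constructed "clean" tree, then compares a constructed "live" tree in which one binary was replaced, one file added and one removed, the way a rootkit install would leave things.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash one file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def verify(root, trusted_manifest):
    """Compare a live tree against a manifest captured from clean media.
    Returns (modified, added, missing) as sorted lists of relative paths."""
    current = build_manifest(root)
    modified = sorted(p for p in trusted_manifest
                      if p in current and current[p] != trusted_manifest[p])
    added = sorted(set(current) - set(trusted_manifest))
    missing = sorted(set(trusted_manifest) - set(current))
    return modified, added, missing

def demo():
    """Constructed scenario (not real system files): baseline a clean tree,
    then tamper with a copy of it and see what the comparison reports."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            os.makedirs(os.path.join(root, "usr", "bin"))
            for name, body in (("ls", b"clean ls"), ("ps", b"clean ps"), ("netstat", b"clean netstat")):
                with open(os.path.join(root, "usr", "bin", name), "wb") as f:
                    f.write(body)
        trusted = build_manifest(clean)   # baseline from trusted media, never from the live host
        # Simulate the compromise on the live tree: trojaned ps, dropped hidden file, removed netstat.
        with open(os.path.join(live, "usr", "bin", "ps"), "wb") as f:
            f.write(b"trojaned ps")
        with open(os.path.join(live, "usr", "bin", ".hidden"), "wb") as f:
            f.write(b"extra")
        os.remove(os.path.join(live, "usr", "bin", "netstat"))
        return verify(live, trusted)
```

    A real run would mount the suspect disk read-only from the CD boot and hash it with a binary that came from the CD, because the hashing tool and the manifest on the rooted host are exactly what a kit replaces.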

  4. #4
    Senior Member
    Join Date
    Feb 2002
    reinstalling solaris on a server.. while all your folks are SOL.. that would suck.

    but it might have to happen that way..

    I don't have any answers but I did find an interesting page.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13
    Join Date
    Dec 2002
    Washington D.C. area
    Well if you have Solaris 8, here is a tut I wrote to get you going:

    Press "Stop and A" at same time if currently logged into system

    1. Type: boot cdrom (at the "ok" prompt)
    (Wait for system to process)
    2. Select and answer the proper Language Selection
    3. Select Local
    4. At the Solaris Installation Screen: Press continue
    5. At the Identify this system Screen: Press Continue
    6. At the Network Connectivity Select: "yes"
    7. At the DHCP Screen Select: "no"
    8. At the Primary Network Interface Select: hme0 or qfe0 or eri0 depending upon the machine
    9. Hostname Type: e.g. : the
    10. IP Address Screen: assign IP address
    11. Subnet screen Select: "yes"
    12. Net Mask Screen: (type your netmask e.g
    13. IPv6 Screen Select: "no"
    Confirm Network Information (continue)
    14. Configure Security Policy Screen select: "no" for Kerberos
    Confirm information (continue)
    15. Name Service Screen Select: DNS
    16. Domain Name Screen Select:
    17. DNS Server addresses : e.g. 63.68.148.xx
    18. DNS Search List Screen : "leave blank"
    Confirm Information (continue)
    19. Name Service Error Screen: type no
    20. Time Zone Screen : select proper zone (Geographic Region) Select: set
    21. Geographic Region Screen Select: United States/Eastern or appropriate area
    22. Date & Time: choose correct time : continue
    23. Solaris Interactive Installation Select: continue
    24. Solaris Interactive Installation Select: continue
    25. Select Geographic Regions : Select the triangle on the left for North America> then select USA select: continue
    26. Select Software Choose: Developer System Support
    *select to include Solaris 64 bit support (make sure square is black which indicates selected)
    **. Select disk: more to right
    27. Select Disks: already chosen "continue"
    28. Preserve Data Select : continue
    29. Automatically layout file system Select: Manual Layout
    30. File System and Disk Layout Select: Customize
    (/): 128
    ( /swap): twice the amount of RAM
    (overlap ): leave to default setting
    (/var ): 1/3 of freespace
    (/export/home): 1/3 of freespace
    (/usr/openwin): 368
    (/usr): the free space that is left
    Select OK
    31. Verify Information Select: continue
    32. Mount Remote file System Select: continue
    33. Profile Select: Begin Installation
    34. Select Auto Reboot
    Wait for Installation to complete

    35. Will ask you for Root Password: 7charPassword
    36. Specify Media from which Solaris will install Select: CD
    Insert Second CD
    37. Select: OK
    38. Installation Summary Click: Next
    39. Reboot Screen: Reboot NOW
    40. Enter user name: root
    41. Select: Common Desktop Environment Screen
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Join Date
    Aug 2003
    Originally posted here by sumdumguy
    reinstalling solaris on a server.. while all your folks are SOL.. that would suck.

    but it might have to happen that way..

    I don't have any answers but I did find an interesting page.

    hell yes it would suck, but it's better than putting the server back in the wild only to find out it still has holes
    I hate this place, nothing works here, I've been here for 7 years, the medication doesn't work...
