[plug] Scary Stuff
Steve Grasso
steveg at calm.wa.gov.au
Fri Dec 7 10:58:46 WST 2001
But if, for argument's sake, his machine _has_ been owned (and I'm not saying
that it is) ls would likely be trojaned and wouldn't report anything
interesting. Hence my suggestion to boot from a Linux floppy, mount /etc, cd
/etc/init.d and ls -lah \? (or whatever your favourite incantation is) from
there.
Steve
On Friday 07 December 2001 10:44, Brad Campbell wrote:
> Adrian Woodley wrote:
> > Thats not a bad idea. However, the question still remains - What is it
> > and why is it there? :)
>
> What's in it, what are it's permissions uid/gid ?
> What dist are you using?
>
> for me, in bash
> ls -lah \?
> tell me whats in it, an rm \? -r
> get's rid of it..
More information about the plug
mailing list