Last active
December 26, 2015 18:09
Backdoor. Doing too much work in the ISR
Oct 28 10:43:47 debian kernel: [269087.601151] pkt_len: 13, ipv4, hdr_len: 5
Oct 28 10:43:47 debian kernel: [269087.601154] s_ip: 192.168.127.108,
Oct 28 10:43:47 debian kernel: [269087.601155] data: touch /tmp/x,
Oct 28 10:43:47 debian kernel: [269087.601156] About to run: touch /tmp/x,
Oct 28 10:43:47 debian kernel: [269087.601801] Modules linked in: backdoor_buggy(O) vboxsf(O) ppdev lp bnep rfcomm bluetooth rfkill uinput nfsd nfs nfs_acl auth_rpcgss fscache lockd sunrpc ext2 loop joydev iTCO_wdt iTCO_vendor_support psmouse pcspkr serio_raw evdev rng_core usbhid hid i2c_piix4 i2c_core snd_intel8x0 snd_ac97_codec snd_pcm snd_page_alloc snd_timer snd soundcore ac97_bus parport_pc battery processor parport vboxguest(O) thermal_sys ac button power_supply ext4 crc16 jbd2 mbcache dm_mod sg sd_mod sr_mod crc_t10dif cdrom ata_generic ata_piix ahci libahci ohci_hcd ehci_hcd libata usbcore e1000 usb_common scsi_mod [last unloaded: scsi_wait_scan]
Oct 28 10:43:47 debian kernel: [269087.601847] Pid: 7862, comm: sendip Tainted: G O 3.2.0-4-amd64 #1 Debian 3.2.46-1+deb7u1
Oct 28 10:43:47 debian kernel: [269087.601849] Call Trace:
Oct 28 10:43:47 debian kernel: [269087.601851] <IRQ> [<ffffffff813480b9>] ? __schedule_bug+0x3e/0x52
Oct 28 10:43:47 debian kernel: [269087.601859] [<ffffffff8134d29d>] ? __schedule+0x85/0x610
Oct 28 10:43:47 debian kernel: [269087.601863] [<ffffffff81041f3d>] ? __cond_resched+0x1d/0x26
Oct 28 10:43:47 debian kernel: [269087.601865] [<ffffffff8134d877>] ? _cond_resched+0x12/0x1c
Oct 28 10:43:47 debian kernel: [269087.601866] [<ffffffff8134d89f>] ? wait_for_common+0x1e/0x119
Oct 28 10:43:47 debian kernel: [269087.601869] [<ffffffff8134ebc7>] ? _raw_spin_unlock_irqrestore+0xe/0xf
Oct 28 10:43:47 debian kernel: [269087.601872] [<ffffffff8105af63>] ? queue_work_on+0x2f/0x3d
Oct 28 10:43:47 debian kernel: [269087.601875] [<ffffffff8105972c>] ? call_usermodehelper_exec+0xa3/0xe8
Oct 28 10:43:47 debian kernel: [269087.601879] [<ffffffffa03ec0e3>] ? exec_packet+0xe3/0x102 [backdoor_buggy]
Oct 28 10:43:47 debian kernel: [269087.601883] [<ffffffff812b6bf1>] ? ip_local_deliver_finish+0x143/0x1b0
Oct 28 10:43:47 debian kernel: [269087.601886] [<ffffffff8128d974>] ? __netif_receive_skb+0x3fb/0x42d
Oct 28 10:43:47 debian kernel: [269087.601888] [<ffffffff8128da12>] ? process_backlog+0x6c/0x123
Oct 28 10:43:47 debian kernel: [269087.601892] [<ffffffff8119d268>] ? blk_done_softirq+0x65/0x74
Oct 28 10:43:47 debian kernel: [269087.601894] [<ffffffff8128f907>] ? net_rx_action+0xa1/0x1af
Oct 28 10:43:47 debian kernel: [269087.601897] [<ffffffff8104b614>] ? __local_bh_enable+0x40/0x77
Oct 28 10:43:47 debian kernel: [269087.601899] [<ffffffff8104c1ac>] ? __do_softirq+0xb9/0x177
Oct 28 10:43:47 debian kernel: [269087.601902] [<ffffffff81355dec>] ? call_softirq+0x1c/0x30
Oct 28 10:43:47 debian kernel: [269087.601903] <EOI> [<ffffffff8100f8cd>] ? do_softirq+0x3c/0x7b
Oct 28 10:43:47 debian kernel: [269087.601909] [<ffffffff8104c0d7>] ? _local_bh_enable_ip.isra.11+0x76/0x88
Oct 28 10:43:47 debian kernel: [269087.601911] [<ffffffff81290cd3>] ? dev_queue_xmit+0x458/0x46b
Oct 28 10:43:47 debian kernel: [269087.601914] [<ffffffff812b950c>] ? ip_finish_output2+0x1ca/0x1f9
Oct 28 10:43:47 debian kernel: [269087.601916] [<ffffffff812d4252>] ? raw_sendmsg+0x5ef/0x7b6
Oct 28 10:43:47 debian kernel: [269087.601920] [<ffffffff810b47bd>] ? sleep_on_page+0xa/0xa
Oct 28 10:43:47 debian kernel: [269087.601923] [<ffffffff8110b0b4>] ? __d_lookup_rcu+0x34/0xfe
Oct 28 10:43:47 debian kernel: [269087.601925] [<ffffffff810b4683>] ? find_get_page+0x40/0x62
Oct 28 10:43:47 debian kernel: [269087.601928] [<ffffffff810364e8>] ? should_resched+0x5/0x23
Oct 28 10:43:47 debian kernel: [269087.601932] [<ffffffff8127e841>] ? sock_sendmsg+0xc1/0xde
Oct 28 10:43:47 debian kernel: [269087.601934] [<ffffffff8134ecfb>] ? _raw_spin_lock_bh+0xe/0x1c
Oct 28 10:43:47 debian kernel: [269087.601937] [<ffffffff8128140e>] ? release_sock+0x17/0x101
Oct 28 10:43:47 debian kernel: [269087.601939] [<ffffffff8104c07f>] ? _local_bh_enable_ip.isra.11+0x1e/0x88
Oct 28 10:43:47 debian kernel: [269087.601941] [<ffffffff812bcd93>] ? do_ip_setsockopt.isra.6+0xa4a/0xa87
Oct 28 10:43:47 debian kernel: [269087.601943] [<ffffffff810364e8>] ? should_resched+0x5/0x23
Oct 28 10:43:47 debian kernel: [269087.601945] [<ffffffff8134d86c>] ? _cond_resched+0x7/0x1c
Oct 28 10:43:47 debian kernel: [269087.601947] [<ffffffff8127d28f>] ? copy_from_user+0x18/0x30
Oct 28 10:43:47 debian kernel: [269087.601950] [<ffffffff812800d7>] ? sys_sendto+0xf7/0x137
Oct 28 10:43:47 debian kernel: [269087.601953] [<ffffffff812bcea1>] ? ip_setsockopt+0x2b/0x8b
Oct 28 10:43:47 debian kernel: [269087.601955] [<ffffffff81353b92>] ? system_call_fastpath+0x16/0x1b