
Author Topic: What could this be? Is this possible?  (Read 1296 times)


kimbopeppermint (Jr. Member)
What could this be? Is this possible?
« on: February 10, 2017, 11:50:21 pm »
 :o

JazzMaster commented 19 days ago
[00:56:03] FileServer Unknown target onion address: lzxufmo7heqhrbeh
appears repeatedly (all proper sites end in onion) and I noticed some files when pushing a late update. The file browser showed them as images. SocketIO,re ...etc. And they were snapshots of me launching zeronet sitting there in its folder. Which makes no sense.

Either previous zeronet took them or somehow ubuntu, despite being locked down is attempting to send console snapshots over the onion network. NEITHER is good. If it involves us, we need to put the kibosh and ban this mf-er. Comcast and spectrum aka Twc aka ATT MAY be to fall as well. This is one of the only hdd not exclusively scanned to the T- because it doesn't get infected. 100% always on scans are ludicrous machine stoppers. Going to scan for rootkits but I want to ensure the site gets updated since I'm picking up traffic. Nothing else seems affected by this. No other files seem out of place.

MuxZeroNet (Contributor) commented 18 days ago
Sorry, but we need more clarification.
JazzMaster commented 11 days ago
Looked like someone was snapshotting me while running zero and saving the files as random text. Caja knew better. Also: random ass onions showing up without the .onion domain. I have another.

This is scary af, is this guy just having a false positive or is there some bad shit for linux going around on darknets? :o
Any of you mods know if something like this is possible, or how it could have executed itself?
"I'm a merciless butcher of virgin machines !"
~VinDSL March 07, 2017

PCNetSpec (Administrator)
Re: What could this be? Is this possible?
« Reply #1 on: February 11, 2017, 10:42:01 am »
I have no idea what "zero" is or where the guy installed it from, so can't comment on whether it's malware ???

Your question seems to be .. if I install some random software from outside the repos, could it spy on me? .. well YES, if you install something from outside the default repos YOU are responsible for it.

Peppermint (or any other distro) will not stop YOU from installing malware .. you are after all the system administrator, but you're not likely to get any from the default repos.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

kimbopeppermint (Jr. Member)
Re: What could this be? Is this possible?
« Reply #2 on: February 11, 2017, 03:22:13 pm »
Well to clarify, I never installed this on a Peppermint OS installation  8)

ZeroNet itself is not malicious, it's a form of darknet that's a hell of a lot less dark because it's a P2P network where sites cannot be taken down. I figured it was harmless because the script runs without admin privileges on my other install. I personally never had any problems from it. My issue came when I saw this concern and realized if a site had malware on it, it was possible in sharing it that I would download it, and if it had been designed on Python or for Linux it could have done something, if given the permission, correct?

If the software does not run as root can it still run tasks like snapshots?

kimbopeppermint (Jr. Member)
Re: What could this be? Is this possible?
« Reply #3 on: February 11, 2017, 03:27:15 pm »
Here's the GitHub source of ZeroNet

https://github.com/HelloZeroNet/ZeroNet

PCNetSpec (Administrator)
Re: What could this be? Is this possible?
« Reply #4 on: February 11, 2017, 07:32:42 pm »
If you're asking me if a userspace application/script can capture keyboard and therefore terminal input .. YES.

There is no way around this .. think about it, nearly every application run as a regular user has to be able to receive and understand keystrokes or how could you input anything into that app ?

Here's a pretty clear explanation
Quote
If an attacker can run code on your machine as your user, then they can log your key presses.

Well, duh. All the applications you're running have access to your key presses. If you're typing stuff in your web browser, your web browser has access to your key presses.

Ah, you say, but what about logging key presses in another application? As long as the other application is running on the same X server, they can still be logged. X11 doesn't attempt to isolate applications; that's not its job. X11 allows programs to define global shortcuts, which is useful for input methods, to define macros, etc.

If the attacker can run code as your user, he can also read and modify your files, and cause all kinds of other harm.

This is not a threat. It's part of the normal expectations of a working system. If you allow an attacker to run code on your machine, your machine isn't safe anymore. It's like if you open your front door and allow an axe murderer in: if you then get cleaved in two, it's not because your front door is insecure.

The keylogger can only log keys pressed by the infected user. (At least as long as the infected user doesn't type the sudo password.)
Source: https://superuser.com/questions/301646/linux-keylogger-without-root-or-sudo-is-it-real

It's as simple as this .. if you didn't get your application/script from the default repos, and you're not sure you can trust it .. DON'T RUN IT.

So it would be a VERY good idea to never enter your root password whilst running ANY application/script you don't know you can trust.

All Linux can do is stop code gaining access to your PC without your permission .. if YOU run it, it will not protect you from yourself (nor should it attempt to).
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec
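
One way to act on the "default repos" advice in the reply above is to list which APT sources on a machine come from somewhere other than the distro's own mirrors. This is an added example, not part of the thread; the `TRUSTED_HOSTS` list, the function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list APT sources whose host is not on
# an allowlist of the distro's own mirrors.
# Assumption: TRUSTED_HOSTS is a guess at Ubuntu's default mirrors; replace it
# with the hosts your distro actually ships with.
TRUSTED_HOSTS="${TRUSTED_HOSTS:-archive.ubuntu.com security.ubuntu.com}"

# third_party_sources FILE...
# Reads one-line-style sources.list files and prints "FILE: URI SUITE" for
# every active deb/deb-src entry served from a host outside TRUSTED_HOSTS.
third_party_sources() {
    awk -v trusted="$TRUSTED_HOSTS" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        { sub("#.*", "") }                        # ignore comments and disabled entries
        $1 != "deb" && $1 != "deb-src" { next }   # keep active entries only
        {
            line = $0
            sub("\\[[^]]*\\]", "", line)          # drop an "[arch=...]" options block
            split(line, f, " ")                   # f[2] = URI, f[3] = suite
            host = f[2]
            sub("^[a-z+]+://", "", host)          # strip the scheme
            sub("[/:].*", "", host)               # strip path and port
            if (!(host in ok)) print FILENAME ": " f[2] " " f[3]
        }
    ' "$@"
}

# Constructed sample input (not taken from any real system).
write_sample() {
    cat > "$1" <<'EOF'
deb http://archive.ubuntu.com/ubuntu xenial main universe
deb [arch=amd64] http://security.ubuntu.com/ubuntu xenial-security main
# deb http://disabled.example.org/apt stable main
deb http://ppa.launchpad.net/example-owner/example-ppa/ubuntu xenial main
deb-src [arch=amd64] https://apt.example.org:8443/repo stable main
EOF
}

sample=$(mktemp)
write_sample "$sample"
third_party_sources "$sample"
rm -f "$sample"
```

On a real system the call would be `third_party_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list`. Every line it prints is a source whose packages are installed with root privileges and that you, not the distro, have chosen to trust.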

kimbopeppermint (Jr. Member)
Re: What could this be? Is this possible?
« Reply #5 on: February 12, 2017, 07:08:19 am »
I've used this PPA before, is it safe? How would I be able to find out?
https://launchpad.net/~ubuntuhandbook1/+archive/ubuntu/corebird