/srv/irclogs.ubuntu.com/2017/01/03/#ubuntu-tn.txt

elachecheMorning folks08:32
nzoueidimorning elacheche08:53
praisethemoongood morning fellows08:58
nzoueidimorning praisethemoon :D08:58
praisethemoonHow is it going son?08:58
nzoueidias usual dad, working and drinking coffee x) wbu?09:00
elachecheo/09:01
praisethemoonnzoueidi, Like father like son09:04
praisethemoonXDDDDDDD09:04
praisethemoonelacheche, o/09:04
praisethemoonnzoueidi, i bet like grand father elacheche too :p09:04
* pavlushka is praising the moon.09:07
pavlushkaMoon is a good reflector of the Sun during the night :)09:08
nzoueidixD09:14
nzoueidio/ pavlushka09:14
praisethemoon\o/09:17
praisethemoonpavlushka, Good \o/09:17
pavlushkanzoueidi: o/11:14
=== ichihi is now known as ichihi|call
elachechenzoueidi oussemos praisethemoon interesting review → #33C3 #Infrastructure Review https://youtu.be/m6dw3AMrOw012:38
pavlushkaHello elacheche :)12:44
pavlushkawbb12:44
elachecheHey pavlushka :)12:46
oussemosthx for the link elacheche ;-)16:20
elacheche:)17:44
Drohello18:15
Droelacheche, are u there?19:11
elachecheDro: o/21:24
Droahla elacheche ! ça va?21:25
elachecheYep, u?21:25
Drohmd21:26
Drokont bech nes2lek 3la 7kaya21:27
elachecheHow can I help21:27
Droelacheche, its a 'strange' problem as always :D21:28
Drowell I have openvpn running automatically on startup21:28
elachecheWe learn from that, so I'm thankfull for sharing stange issues :)21:28
Droand connecting to an IP that I never used21:28
Droand I don't know21:29
Drobref, kol ma n7el el pc nal9a l'ip mta3i mel suede !21:29
elachecheAnd you wanna stop that?21:29
Droce qui est bizarre ma femma 7atta connexion vpn actif fel connections manager21:30
Drochaque fois je dois faire un sudo killall openvpn fel terminal21:30
elachecheDid you checked your cron jobs?21:30
Drobon mouch i want to stop it, mais n7eb na3ref chnia l'origine mta3 la7keya hethi21:30
Drobref choft les programmes eli yetlansaw fel démarrage21:31
elachecheDid you checked your cron jobs?21:31
Drow fe9t de passage eli 3andi un RAT .jar dra mnin jeni haha :D21:31
elachecheoops x)21:31
Drooui oui21:31
elachecheYou must installed it :) :D21:31
Dro93ad rbo3 sa3a bloqué hahahaha21:32
Drowait21:32
Drobech nwarik kifech l9itou bethabt21:32
Drovoila, j'avais cette commannde qui s'execute auto au démarrage21:32
Dro..  /usr/lib/jvm/java-7-oracle/jre/bin/java -jar /home/ubuntu/.Qjytmqba/Nezqzwta.jar21:33
Drow msammih Torzm Duuif21:33
Drobref avec une ptite recherche sur google j'ai trouvé que c'est un RAT esmou AdWind21:33
elachechex)21:34
Dromais j'ai pas pu savoir si il est en cours d'execution ou pas21:34
Droauccune trace sur le Systeme monitor21:34
Droet aucune trace sur 'top'21:34
Droen tt cas na77itou w t3adit 3la rou7i :D21:34
elachecheAfter you removed it you rebooted and you still connect to the vpn?21:35
Dromais je sais pas si 3andou 3ala9a b7kayet el serveur openvpn eli 9a3ed nconnecti 3lih chaque stratup ou pas21:35
Droou bien c'est un truc à part21:35
Drono ma 3maltech reboot21:35
Drotawa je cherche comment je peux vérifier tt les scripts qui s'executent au démarrage21:36
Drobech nefhem 7kayet el openvpn mnin jet21:36
elachecheTry a reboot and check, maybe the jar just execute openVPN with the good config file.. If you still have the jar we probably can debug it and see what it is doing21:36
Drobtw, ynejem ykoun mizel 9a3ed y'executi tawa el RAT :D vu que j'ai pas rédemarré21:36
elachecheWhat ubuntu verson do you have?21:38
Dro16.0421:38
Dro+ j'ai déjà cherché bcp dessus21:38
Droaslan ma net'hanna ken ma nlawej w n'analysi mli7 w nefhem ech 9a3ed ya3mel bethabt :D21:39
elachechesystemctl list-unit-files | grep enabled21:39
Drobref j'ai trouvé qu'il se connecte à une IP turc apparement21:39
Drow comme chaque RAT il donne un accés total sur la machine21:39
Dro:/21:39
elachecheYep :/21:39
Drooui je l'ai déjà vu21:40
Drocette commande ta3tik juste les noms de services21:40
Droet openvpn existe bel et bien et je peux le désactiver21:41
Droopenvpn.service                            enabled21:41
elachecheBest thng to do right now is to reboot, then check if the OpenVPN still connected, if so try to list the enabled services via systemctl, and check all your users crontabs (a basic for loop, I can share it if you like)21:41
Dromais je veux savoir mnin jet la7keya w l'ip heki21:41
Droprobablement femma script wella 7aja21:41
elachecheDro: Check the content of openvpn.service.. It uses a cfg file to start it? if so you'll find the path21:42
Drobon normalement c pas un nom de fichier21:42
Drowell i guess :P21:42
Droeh donc comment trouver le conf si ça existe21:43
Droc pas le conf par défaut de openvpn zeda21:43
Droi guess 2 :P21:43
elachecheHold on, let me check21:43
elachecheDro: Check if the service file is in here → ls /usr/lib/systemd/*21:45
Droelacheche, bon j'ai trouvé qq .service sous  /usr/lib/systemd/user , mais le openvpn.service mouch ghadi21:48
Dro1 sec let me try locate21:48
* elacheche don't use systemd :/21:49
Drohmm21:50
Droi feel a bit stupid21:50
Drowell, I found 2 openvpn.service files21:50
Dronothing interested in both of them21:51
Droexcept the "configDir=" variable21:51
Dro"/etc/openvpn"21:51
DroI checked it out21:51
DroI found that I have some files .crt .pem .key .conf .... etc21:52
Drothat I "maybe" tried it i dunno when :|21:52
elachechex)21:52
Drofinally it seems it me who added these files21:52
Drohahaha :D21:52
Droits me* ! :|21:53
elachechex)21:53
Droema ça doit pas marcher21:53
Dro5ater el vpn heka a déja expiré :|21:54
Droen tt cas je vais les supprimer , faire un reboot et voir21:54
Drodans les 2 cas j'ai rien perdu.. par contre fe9t que j'avais un RAT21:54
Drosodfa 5ayron men alfi mi3ad :D21:54
elachechex)21:55
elachecheOK then,, let me go back to my Gentoo :p21:56
Drook, see u tomorrow! :D21:57
elacheche:)21:58
Drothanks for ur help, good night! (F)21:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!