[08:32] <elacheche> Morning folks
[08:53] <nzoueidi> morning elacheche
[08:58] <praisethemoon> good morning fellows
[08:58] <nzoueidi> morning praisethemoon :D
[08:58] <praisethemoon> How is it going son?
[09:00] <nzoueidi> as usual dad, working and drinking coffee x) wbu?
[09:01] <elacheche> o/
[09:04] <praisethemoon> nzoueidi, Like father like son
[09:04] <praisethemoon> XDDDDDDD
[09:04] <praisethemoon> elacheche, o/
[09:04] <praisethemoon> nzoueidi, i bet like grand father elacheche too :p
[09:07]  * pavlushka is praising the moon.
[09:08] <pavlushka> Moon is a good reflector of the Sun during the night :)
[09:14] <nzoueidi> xD
[09:14] <nzoueidi> o/ pavlushka
[09:17] <praisethemoon> \o/
[09:17] <praisethemoon> pavlushka, Good \o/
[11:14] <pavlushka> nzoueidi: o/
[12:38] <elacheche> nzoueidi oussemos praisethemoon interesting review → #33C3 #Infrastructure Review https://youtu.be/m6dw3AMrOw0
[12:44] <pavlushka> Hello elacheche :)
[12:44] <pavlushka> wbb
[12:46] <elacheche> Hey pavlushka :)
[16:20] <oussemos> thx for the link elacheche ;-)
[17:44] <elacheche> :)
[18:15] <Dro> hello
[19:11] <Dro> elacheche, are u there?
[21:24] <elacheche> Dro: o/
[21:25] <Dro> ahla elacheche ! ça va?
[21:25] <elacheche> Yep, u?
[21:26] <Dro> hmd
[21:27] <Dro> kont bech nes2lek 3la 7kaya
[21:27] <elacheche> How can I help
[21:28] <Dro> elacheche, its a 'strange' problem as always :D
[21:28] <Dro> well I have openvpn running automatically on startup
[21:28] <elacheche> We learn from that, so I'm thankfull for sharing stange issues :)
[21:28] <Dro> and connecting to an IP that I never used
[21:29] <Dro> and I don't know
[21:29] <Dro> bref, kol ma n7el el pc nal9a l'ip mta3i mel suede !
[21:29] <elacheche> And you wanna stop that?
[21:30] <Dro> ce qui est bizarre ma femma 7atta connexion vpn actif fel connections manager
[21:30] <Dro> chaque fois je dois faire un sudo killall openvpn fel terminal
[21:30] <elacheche> Did you checked your cron jobs?
[21:30] <Dro> bon mouch i want to stop it, mais n7eb na3ref chnia l'origine mta3 la7keya hethi
[21:31] <Dro> bref choft les programmes eli yetlansaw fel démarrage
[21:31] <elacheche> Did you checked your cron jobs?
[21:31] <Dro> w fe9t de passage eli 3andi un RAT .jar dra mnin jeni haha :D
[21:31] <elacheche> oops x)
[21:31] <Dro> oui oui
[21:31] <elacheche> You must installed it :) :D
[21:32] <Dro> 93ad rbo3 sa3a bloqué hahahaha
[21:32] <Dro> wait
[21:32] <Dro> bech nwarik kifech l9itou bethabt
[21:32] <Dro> voila, j'avais cette commannde qui s'execute auto au démarrage
[21:33] <Dro> ..  /usr/lib/jvm/java-7-oracle/jre/bin/java -jar /home/ubuntu/.Qjytmqba/Nezqzwta.jar
[21:33] <Dro> w msammih Torzm Duuif
[21:33] <Dro> bref avec une ptite recherche sur google j'ai trouvé que c'est un RAT esmou AdWind
[21:34] <elacheche> x)
[21:34] <Dro> mais j'ai pas pu savoir si il est en cours d'execution ou pas
[21:34] <Dro> auccune trace sur le Systeme monitor
[21:34] <Dro> et aucune trace sur 'top'
[21:34] <Dro> en tt cas na77itou w t3adit 3la rou7i :D
[21:35] <elacheche> After you removed it you rebooted and you still connect to the vpn?
[21:35] <Dro> mais je sais pas si 3andou 3ala9a b7kayet el serveur openvpn eli 9a3ed nconnecti 3lih chaque stratup ou pas
[21:35] <Dro> ou bien c'est un truc à part
[21:35] <Dro> no ma 3maltech reboot
[21:36] <Dro> tawa je cherche comment je peux vérifier tt les scripts qui s'executent au démarrage
[21:36] <Dro> bech nefhem 7kayet el openvpn mnin jet
[21:36] <elacheche> Try a reboot and check, maybe the jar just execute openVPN with the good config file.. If you still have the jar we probably can debug it and see what it is doing
[21:36] <Dro> btw, ynejem ykoun mizel 9a3ed y'executi tawa el RAT :D vu que j'ai pas rédemarré
[21:38] <elacheche> What ubuntu verson do you have?
[21:38] <Dro> 16.04
[21:38] <Dro> + j'ai déjà cherché bcp dessus
[21:39] <Dro> aslan ma net'hanna ken ma nlawej w n'analysi mli7 w nefhem ech 9a3ed ya3mel bethabt :D
[21:39] <elacheche> systemctl list-unit-files | grep enabled
[21:39] <Dro> bref j'ai trouvé qu'il se connecte à une IP turc apparement
[21:39] <Dro> w comme chaque RAT il donne un accés total sur la machine
[21:39] <Dro> :/
[21:39] <elacheche> Yep :/
[21:40] <Dro> oui je l'ai déjà vu
[21:40] <Dro> cette commande ta3tik juste les noms de services
[21:41] <Dro> et openvpn existe bel et bien et je peux le désactiver
[21:41] <Dro> openvpn.service                            enabled
[21:41] <elacheche> Best thng to do right now is to reboot, then check if the OpenVPN still connected, if so try to list the enabled services via systemctl, and check all your users crontabs (a basic for loop, I can share it if you like)
[21:41] <Dro> mais je veux savoir mnin jet la7keya w l'ip heki
[21:41] <Dro> probablement femma script wella 7aja
[21:42] <elacheche> Dro: Check the content of openvpn.service.. It uses a cfg file to start it? if so you'll find the path
[21:42] <Dro> bon normalement c pas un nom de fichier
[21:42] <Dro> well i guess :P
[21:43] <Dro> eh donc comment trouver le conf si ça existe
[21:43] <Dro> c pas le conf par défaut de openvpn zeda
[21:43] <Dro> i guess 2 :P
[21:43] <elacheche> Hold on, let me check
[21:45] <elacheche> Dro: Check if the service file is in here → ls /usr/lib/systemd/*
[21:48] <Dro> elacheche, bon j'ai trouvé qq .service sous  /usr/lib/systemd/user , mais le openvpn.service mouch ghadi
[21:48] <Dro> 1 sec let me try locate
[21:49]  * elacheche don't use systemd :/
[21:50] <Dro> hmm
[21:50] <Dro> i feel a bit stupid
[21:50] <Dro> well, I found 2 openvpn.service files
[21:51] <Dro> nothing interested in both of them
[21:51] <Dro> except the "configDir=" variable
[21:51] <Dro> "/etc/openvpn"
[21:51] <Dro> I checked it out
[21:52] <Dro> I found that I have some files .crt .pem .key .conf .... etc
[21:52] <Dro> that I "maybe" tried it i dunno when :|
[21:52] <elacheche> x)
[21:52] <Dro> finally it seems it me who added these files
[21:52] <Dro> hahaha :D
[21:53] <Dro> its me* ! :|
[21:53] <elacheche> x)
[21:53] <Dro> ema ça doit pas marcher
[21:54] <Dro> 5ater el vpn heka a déja expiré :|
[21:54] <Dro> en tt cas je vais les supprimer , faire un reboot et voir
[21:54] <Dro> dans les 2 cas j'ai rien perdu.. par contre fe9t que j'avais un RAT
[21:54] <Dro> sodfa 5ayron men alfi mi3ad :D
[21:55] <elacheche> x)
[21:56] <elacheche> OK then,, let me go back to my Gentoo :p
[21:57] <Dro> ok, see u tomorrow! :D
[21:58] <elacheche> :)
[21:59] <Dro> thanks for ur help, good night! (F)