Hey there,
Yesterday I successfully built the Linux VM but found something on my host that concerns me.
When I rebooted and ran netstat, I found that a couple of w/o servers were contacted. Mostly Fastly OCSP servers and domains called Warsaw. infra and graveyard. infra.
I ran rkhunter and it detected that PermitRootLogin in the SSH config was set to undefined and there was a hidden .java file in /etc/.
The Warsaw and graveyard domains ran over the 5000 port range.
Are these domains legit, or am I PWN'D?
And could it be that some HTTP:// URIs in the build.sh script have been sniffed on?
Would love to hear from you.
Cheers.