Suspicious activities on SSH. How do we decrypt these characters?

Discussion in 'General Discussion' started by Roy@ENHOST, Mar 1, 2009.

  1. Roy@ENHOST

    Hi guys,


    I just did an strace on one of the SSH processes on my server and this is what I got. They look like octal codes to me.
    How do we decrypt it to get something more meaningful?

    root@intelpentium4 [~]# strace -p 22696
    Process 22696 attached - interrupt to quit
    select(13, [3 7], [], NULL, NULL
    ) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "\4\250\262\372\253\27*\222\323\307|\330[\227\0371i>}H\307\354\6\266\1779W\214\217\201\2748"..., 16384) = 68
    write(3, "\346]\261\344\370\212\263\243\207\17\27\34\247\347t\221/Q\221\351\221VR\254P\364o\372\243\265P\245"..., 36) = 36
    select(13, [3 7], [], NULL, NULL) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "]!A\250\22q1\357\350\211\217J\246\224<\251)#4\314\203DZ\245\244\273\25\221\205\312R\6"..., 16384) = 68
    write(3, "\0064#=#L\206\357\24K\'(\365\343k\233,#BB\251\303Md3\270\227\365QL\25s"..., 36) = 36
    select(13, [3 7], [], NULL, NULL) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "\'\350j\35\271\340W\216d\207\316\321<<\306\243\306B\35\326@dG3(\302\212\227\203\266\2m"..., 16384) = 68
    write(3, "\371\206\t.\r\330\312\300\1dW( 1\367\27\257\251\24\354\t\330\250\263}\275\214\177\215x\245$"..., 36) = 36
    select(13, [3 7], [], NULL, NULL) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "\337\2439\247,ZD\364X\261s[\376\241\214\273\350\207\314\24i\213^\207\275\2424\257.P\355\16"..., 16384) = 68
    write(3, "\320\300\307P&UwS0\334e8u\227p\317\261\335n6\16\327\24\220\375\4\0249mS\331\23"..., 36) = 36
    select(13, [3 7], [], NULL, NULL) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "\371\260\225\225\364}\37\277D\24\320\207ZB\302\253a\253\246k\232\260\303\216\26[\240_\355L/\202"..., 16384) = 68
    write(3, "i\346\177bN\372\233M\4\343\2512+\255\225\273\tW\275\241\3411\341h\21\202\225\361\230\252%\304"..., 36) = 36
    select(13, [3 7], [], NULL, NULL) = 1 (in [3])
    rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
    rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
    read(3, "\220\204C\234uD\332\260\35f\324\2712^\2337\253\252\34\323\vy\20\254\377\246\302\336\230\30\223\262"..., 16384) = 68
    write(3, "\r\202\331\372Y\25p\33\357\347\367\251\307\305\312\21\275x\22\274c\314\333\354ak$\3668\320\267\372"..., 36) = 36
    select(13, [3 7], [], NULL, NULL
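
The quoted buffers in the trace above are raw bytes that strace prints with C-style escapes (octal for non-printable values), so unescaping recovers the bytes but does not decrypt anything. The following Python is an added example, not part of the original post: it decodes two lines copied from the post and checks whether the result resembles text. The function names and the 0.9 text threshold are assumptions, as is the reading that descriptor 3 is the SSH network socket, in which case the decoded bytes are the encrypted transport stream.

```python
import re

# C-style escapes strace uses inside quoted buffers (octal for other bytes).
SIMPLE = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34, "'": 39}
ESC = re.compile(r"\\([0-7]{1,3}|x[0-9a-fA-F]{2}|.)", re.S)
CALL = re.compile(r'^\s*(read|write)\((\d+), "((?:[^"\\]|\\.)*)"(\.\.\.)?, \d+\) = (-?\d+)')
# Two lines copied from the strace output in the post above.
SAMPLE = r"""
read(3, "\4\250\262\372\253\27*\222\323\307|\330[\227\0371i>}H\307\354\6\266\1779W\214\217\201\2748"..., 16384) = 68
write(3, "\346]\261\344\370\212\263\243\207\17\27\34\247\347t\221/Q\221\351\221VR\254P\364o\372\243\265P\245"..., 36) = 36
"""

def decode_strace_string(s):
    """Turn the text between strace's quotes back into the raw bytes."""
    out, pos = bytearray(), 0
    for m in ESC.finditer(s):
        out += s[pos:m.start()].encode("latin-1")   # literal printable run
        tok = m.group(1)
        if tok[0] in "01234567":
            out.append(int(tok, 8))                 # \4, \27, \037 ...
        elif len(tok) == 3:
            out.append(int(tok[1:], 16))            # \x1f form (strace -x)
        elif tok in SIMPLE:
            out.append(SIMPLE[tok])
        else:
            raise ValueError("unknown escape \\" + tok)
        pos = m.end()
    return bytes(out + s[pos:].encode("latin-1"))

def parse_io(line):
    """Parse one read()/write() line; None for any other syscall."""
    m = CALL.match(line)
    if not m:
        return None
    return {"call": m.group(1), "fd": int(m.group(2)),
            "data": decode_strace_string(m.group(3)),
            "truncated": m.group(4) is not None,    # "..." = strace cut the buffer
            "ret": int(m.group(5))}

def text_ratio(data):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    return sum(b in (9, 10, 13) or 32 <= b < 127 for b in data) / max(len(data), 1)

def looks_like_text(data, threshold=0.9):           # threshold is an assumption
    return text_ratio(data) >= threshold

if __name__ == "__main__":
    for rec in filter(None, map(parse_io, SAMPLE.splitlines())):
        print(rec["call"], rec["fd"], rec["data"].hex(), looks_like_text(rec["data"]))
```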
     