drs5ma
By:
drs5ma

Corrupted Kernel

December 14, 2017 857 views
Networking Linux Basics Ubuntu 16.04

I was practicing exploiting linux executables with shellcode when after a while i things start breaking with

Execle: Exec format error

After reboot droplet didn't connect to internet. From dash board console I ran following commands.

$cat /var/mail/root says:
/bin/sh: execle: Exec format error

$ sudo service network-manager restart
sudo: unable to execute /usr/sbin/service: Exec format error

$ sudo update-grub
sudo: unable to execute /usr/sbin/update-grub: Exec format error

I think i corrupted the kernel, please help!!

Log In to Comment
2 Answers
Woet December 14, 2017

Make sure your kernel matches your architecture or just restore from your backup / reinstall.

Reply
  • drs5ma December 14, 2017

    I have not had backups enabled and i have no network access to reinstall, unless there is a way to rebuild kernel without network access?

    $ uname -r
    4.4.0-103-generic

    How do i tell if this matches my architecture?

    • Woet December 14, 2017

      Why don't you just reinstall the droplet?

      • drs5ma December 14, 2017

        I dont want to lose my files

        • Woet December 14, 2017

          Why are you playing with the kernel on an important droplet without backups?

          • drs5ma December 14, 2017

            I've never had problem with this before. I was simply running shellcode on executable, I thought process isolation should prevent from overwriting important kernel code

          • Woet December 14, 2017

            You can open a ticket and ask for rescue mode, then backup your files and reinstall.

          • drs5ma December 14, 2017

            the files modified during the last 7 days in the
            /lib/modules/4.4.0-103-generic
            directory were ~10 files of prefix ./modues
            ./modules.symbols
            ./modules.symbols.bin
            ./modules.symbols.alias.bin
            ./modules.softdep

            I still dont know what changes were made to these files or if it was benign and unrelated.

      • drs5ma December 14, 2017

        Also:
        The kernel for this Droplet is managed internally and cannot be changed from the control panel.

ryanpq MOD December 14, 2017

Your best option will likely be to reach out to the support team via a ticket. They can boot your droplet into a recovery environment. This is a Debian based LiveCD image which will allow you to boot your droplet and mount it's normal disk to make changes, chroot into your disk if needed, or start a temporary SFTP service to copy out needed files. The image must be mounted and removed by the support team and your droplet would then be accessible from the console in the control panel.

Reply
Have another answer? Share your knowledge.

Related Questions