Corrupted Kernel

Question

I was practicing exploiting linux executables with shellcode when after a while i things start breaking with

Execle: Exec format error

After reboot droplet didn’t connect to internet. From dash board console I ran following commands.

$cat /var/mail/root says:
/bin/sh: execle: Exec format error

$ sudo service network-manager restart
sudo: unable to execute /usr/sbin/service: Exec format error

$ sudo update-grub
sudo: unable to execute /usr/sbin/update-grub: Exec format error

I think i corrupted the kernel, please help!!

Answer 1

Woet December 14, 2017

Make sure your kernel matches your architecture or just restore from your backup / reinstall.

Reply Report

drs5ma December 14, 2017

I have not had backups enabled and i have no network access to reinstall, unless there is a way to rebuild kernel without network access?

$ uname -r
4.4.0-103-generic

How do i tell if this matches my architecture?
Reply Report
- Woet December 14, 2017
  
  Why don’t you just reinstall the droplet?
  
  Reply Report
  
  drs5ma December 14, 2017
  
  I dont want to lose my files
  
  Reply Report
  
  Woet December 14, 2017
  
  Why are you playing with the kernel on an important droplet without backups?
  
  Reply Report
  
  drs5ma December 14, 2017
  
  I’ve never had problem with this before. I was simply running shellcode on executable, I thought process isolation should prevent from overwriting important kernel code
  
  Reply Report
  
  Woet December 14, 2017
  
  You can open a ticket and ask for rescue mode, then backup your files and reinstall.
  
  Reply Report
  
  drs5ma December 14, 2017
  
  the files modified during the last 7 days in the
  /lib/modules/4.4.0-103-generic
  directory were ~10 files of prefix ./modues
  ./modules.symbols
  ./modules.symbols.bin
  ./modules.symbols.alias.bin
  ./modules.softdep
  
  I still dont know what changes were made to these files or if it was benign and unrelated.
  
  Reply Report
  
  drs5ma December 14, 2017
  
  Also:
  The kernel for this Droplet is managed internally and cannot be changed from the control panel.
  
  Reply Report

Answer 2

drs5ma December 14, 2017

I have not had backups enabled and i have no network access to reinstall, unless there is a way to rebuild kernel without network access?

$ uname -r
4.4.0-103-generic

How do i tell if this matches my architecture?
Reply Report
- Woet December 14, 2017
  
  Why don’t you just reinstall the droplet?
  
  Reply Report
  
  drs5ma December 14, 2017
  
  I dont want to lose my files
  
  Reply Report
  
  Woet December 14, 2017
  
  Why are you playing with the kernel on an important droplet without backups?
  
  Reply Report
  
  drs5ma December 14, 2017
  
  I’ve never had problem with this before. I was simply running shellcode on executable, I thought process isolation should prevent from overwriting important kernel code
  
  Reply Report
  
  Woet December 14, 2017
  
  You can open a ticket and ask for rescue mode, then backup your files and reinstall.
  
  Reply Report
  
  drs5ma December 14, 2017
  
  the files modified during the last 7 days in the
  /lib/modules/4.4.0-103-generic
  directory were ~10 files of prefix ./modues
  ./modules.symbols
  ./modules.symbols.bin
  ./modules.symbols.alias.bin
  ./modules.softdep
  
  I still dont know what changes were made to these files or if it was benign and unrelated.
  
  Reply Report
  
  drs5ma December 14, 2017
  
  Also:
  The kernel for this Droplet is managed internally and cannot be changed from the control panel.
  
  Reply Report

Answer 3

ryanpq December 14, 2017

Your best option will likely be to reach out to the support team via a ticket. They can boot your droplet into a recovery environment. This is a Debian based LiveCD image which will allow you to boot your droplet and mount it’s normal disk to make changes, chroot into your disk if needed, or start a temporary SFTP service to copy out needed files. The image must be mounted and removed by the support team and your droplet would then be accessible from the console in the control panel.

Reply Report

Related

Question

Corrupted Kernel

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Corrupted Kernel

Related

Leave a comment

Related

question

PHP Error Log: authz_core:error - For files that don't exists on my server

question

blocked ip in spam

question

Having MongoDB Startup Errors!

question

How to make web service unavailable. As I develop this application, I'd rather not be burning up CPU or access time when not logged in.

Looking for something else?