Corrupted Kernel

December 14, 2017 1.1k views
Networking Linux Basics Ubuntu 16.04

I was practicing exploiting linux executables with shellcode when after a while i things start breaking with

Execle: Exec format error

After reboot droplet didn't connect to internet. From dash board console I ran following commands.

$cat /var/mail/root says:
/bin/sh: execle: Exec format error

$ sudo service network-manager restart
sudo: unable to execute /usr/sbin/service: Exec format error

$ sudo update-grub
sudo: unable to execute /usr/sbin/update-grub: Exec format error

I think i corrupted the kernel, please help!!

2 Answers

Make sure your kernel matches your architecture or just restore from your backup / reinstall.

  • I have not had backups enabled and i have no network access to reinstall, unless there is a way to rebuild kernel without network access?

    $ uname -r
    4.4.0-103-generic

    How do i tell if this matches my architecture?

    • Why don't you just reinstall the droplet?

      • I dont want to lose my files

        • Why are you playing with the kernel on an important droplet without backups?

          • I've never had problem with this before. I was simply running shellcode on executable, I thought process isolation should prevent from overwriting important kernel code

          • You can open a ticket and ask for rescue mode, then backup your files and reinstall.

          • the files modified during the last 7 days in the
            /lib/modules/4.4.0-103-generic
            directory were ~10 files of prefix ./modues
            ./modules.symbols
            ./modules.symbols.bin
            ./modules.symbols.alias.bin
            ./modules.softdep

            I still dont know what changes were made to these files or if it was benign and unrelated.

      • Also:
        The kernel for this Droplet is managed internally and cannot be changed from the control panel.

Your best option will likely be to reach out to the support team via a ticket. They can boot your droplet into a recovery environment. This is a Debian based LiveCD image which will allow you to boot your droplet and mount it's normal disk to make changes, chroot into your disk if needed, or start a temporary SFTP service to copy out needed files. The image must be mounted and removed by the support team and your droplet would then be accessible from the console in the control panel.

Have another answer? Share your knowledge.