Did I get ratted?

  c++, linux, ssh, windows-subsystem-for-linux

I’ve set up WSL and use it to develop C/C++ for Linux. I couldn’t get the direct integration with Visual Studio to work, so I just start the ssh service in WSL in order to use it for development.

During development, my computer crashed. The BSOD dump doesn’t tell me anything important except that the origin is related to my instance of Ubuntu on WSL.

Looking at the command history, I see a lot of the following:

   11  echo 'E2E32F1A-3E99-4EDF-A62A-10EDB5F81201'; tty; echo '3DF461C2-CE92-4D65-BA28-5278E01CFF5A'
   12  echo 'sleepforever'
   13  sleep 31536000
   14  gdb --tty /dev/pts/0 --interpreter=mi; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2

//...
   59  kill -2 17776;echo; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2

//... can’t imagine why this is here
  308  sudo nano /etc/ssh/sshd_config
  309  sudo cat /etc/ssh/sshd_config

//... crash happened around this time
 2631  gdb --tty /dev/pts/0 --interpreter=mi; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2
//... after reboot
 2632  history

It looks like normal debugging commands Visual Studio would run, but I’d like to be sure. I can chalk it up to a normal, infrequent computer crash, certainly, but since the port is open to access the subsystem and the subsystem hasn’t any complex protection, I believe it is certainly possible that I missed something in these thousands of commands.

What steps should I take to review the security of my system? Do these commands seem normal for the C/C++ Visual Studio WSL environment?

Source: Windows Questions C++
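
One way to triage a history of this size, as an added example that is not part of the original post: the Python sketch below sets aside lines that exactly match the command shapes quoted above and returns everything else for manual review. Treating those shapes as debugger-generated follows the poster's own guess and is an assumption; `triage`, the patterns and the sample input (the post's lines plus one constructed line, 60) are illustrative.

```python
import re

# Command shapes quoted in the post. Treating them as debugger-generated is
# the poster's guess, adopted here as an assumption.
GUID = r"'?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'?"
EXPECTED = [re.compile(p) for p in (
    rf"^echo {GUID}; tty; echo {GUID}$",
    r"^echo 'sleepforever'$",
    r"^sleep 31536000$",
    rf"^gdb --tty /dev/pts/\d+ --interpreter=mi; echo {GUID}$",
    rf"^kill -2 \d+;\s*echo;\s*echo {GUID}$",
)]
HISTORY_LINE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")   # "  308  command"
SSH_PATHS = re.compile(r"/etc/ssh/|\.ssh/")            # worth a closer look

def triage(history_text):
    """Return (matched_count, [(number, command, touches_ssh_files), ...])."""
    matched, leftovers = 0, []
    for raw in history_text.splitlines():
        m = HISTORY_LINE.match(raw)
        if not m:
            continue  # blank lines and "//..." annotations
        number, command = int(m.group(1)), m.group(2)
        # Patterns are anchored at both ends, so an expected command with
        # anything chained after it is NOT filtered out.
        if any(p.match(command) for p in EXPECTED):
            matched += 1
        else:
            leftovers.append((number, command, bool(SSH_PATHS.search(command))))
    return matched, leftovers

# Lines from the post, plus line 60, which is constructed for this example.
SAMPLE = """\
   11  echo 'E2E32F1A-3E99-4EDF-A62A-10EDB5F81201'; tty; echo '3DF461C2-CE92-4D65-BA28-5278E01CFF5A'
   12  echo 'sleepforever'
   13  sleep 31536000
   14  gdb --tty /dev/pts/0 --interpreter=mi; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2
   59  kill -2 17776;echo; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2
   60  gdb --tty /dev/pts/0 --interpreter=mi; echo fab7778d-5eaf-46cb-943a-0a73f185bbe2; id
  308  sudo nano /etc/ssh/sshd_config
  309  sudo cat /etc/ssh/sshd_config
 2632  history
"""

if __name__ == "__main__":
    matched, leftovers = triage(SAMPLE)
    print(f"{matched} lines matched the expected shapes")
    for number, command, ssh in leftovers:
        print(f"{'!' if ssh else ' '} {number:>5}  {command}")
```

A shell history records only interactive commands and can be edited by whoever controls the account, so a short leftover list narrows the review rather than closing it.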
