Page 1 of 1

Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sat Dec 30, 2017 9:03 am
by Juggernoud1
Hi there,

It seems that I have been hacked on my Rapsberry Pi :( I am unable to login into my Raspberry Pi. I can't typ anything while starting up the Rapsberry Pi.
It keeps sending me new text over and over again while trying to reconnect. It says Connection timed out during banner exchange and then it says lost connection.
Also it tries it connect to different SSH ports without success. In attachment there is a picture of my issue:
Lost connection2.JPG
Lost connection
Lost connection2.JPG (48.78 KiB) Viewed 1762 times
I also tried to reset the Pi in the cdmline text file with this: dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait init=/bin/sh

But the main issue is that I can't typ anything while starting up the Raspberry Pi. Also I tried to connect via MyPutty but it's impossible to make connection with the Raspberry Pi.

I hope there is someone with suggestions how to tackle this issue.
Many many thanks in advance!!

Kind regards,
Noud

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sat Dec 30, 2017 10:13 am
by jamesh
Try flashing the SD card. You lose any data on the card, but from what I can see, that installation looks very unwell.

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sat Dec 30, 2017 10:36 am
by beta-tester
your picture looks similar to an other thread:
viewtopic.php?f=28&t=201119

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sat Dec 30, 2017 10:39 am
by DougieLawson
beta-tester wrote:
Sat Dec 30, 2017 10:36 am
your picture looks similar to an other thread:
viewtopic.php?f=28&t=201119
I've reported both threads as that's a common spammer technique - take an ancient post and re-post it. It would be odd to have two users with identical failures in /etc/rc.local causing their machine to fail to boot.

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sat Dec 30, 2017 12:04 pm
by jojopi
The pictures are not identical, and I do not see how this could possibly be spam.

Clearly both posters have very similar stuff added to rc.local, though. Maybe this is the result of a compromise, as suggested in the original post.

If you do not recognise why the system is attempting to run ssh at boot, then you need to do a fresh Raspbian install. If there are files you want to recover from the existing install, do the fresh install on a new SD card and then mount the old one in a USB card reader.

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sun Dec 31, 2017 7:30 am
by Juggernoud1
jojopi wrote:
Sat Dec 30, 2017 12:04 pm
The pictures are not identical, and I do not see how this could possibly be spam.

Clearly both posters have very similar stuff added to rc.local, though. Maybe this is the result of a compromise, as suggested in the original post.

If you do not recognise why the system is attempting to run ssh at boot, then you need to do a fresh Raspbian install. If there are files you want to recover from the existing install, do the fresh install on a new SD card and then mount the old one in a USB card reader.
Thank you very much for your help and support! I appreciate it very much! I will try what you suggest. Have a great and happy 2018. Cheers.

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Sun Dec 31, 2017 10:57 am
by sparkie777
maybe you get an answer there:

pi 3 - Login issue: Can't type anything! (SSH connect to host -> Connection timed out): Lost connection - Raspberry Pi Stack Exchange

somebody (if not you?) for some reason got exactly the same problem like you :-)

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Mon Jan 01, 2018 9:42 pm
by ricman
Juggernoud1 wrote:
Sat Dec 30, 2017 9:03 am
Hi there,

It seems that I have been hacked on my Rapsberry Pi :( I am unable to login into my Raspberry Pi. I can't typ anything while starting up the Rapsberry Pi.
It keeps sending me new text over and over again while trying to reconnect. It says Connection timed out during banner exchange and then it says lost connection.
Also it tries it connect to different SSH ports without success. In attachment there is a picture of my issue:

Lost connection2.JPG

I also tried to reset the Pi in the cdmline text file with this: dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait init=/bin/sh

But the main issue is that I can't typ anything while starting up the Raspberry Pi. Also I tried to connect via MyPutty but it's impossible to make connection with the Raspberry Pi.

I hope there is someone with suggestions how to tackle this issue.
Many many thanks in advance!!

Kind regards,
Noud
Also me have identical problem....
How to resolve ? And why happen this ?
I have a webapp on raspberry, and this work very well.
But I can't to connect in ssh ....I have the same problem with the same your screenshot
I post the ssh command with -v options:

Code: Select all

ssh -v pi@192.168.178.38
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.178.38 [192.168.178.38] port 22.
debug1: Connection established.
debug1: identity file /home/ricman/.ssh/id_rsa type 1
debug1: identity file /home/ricman/.ssh/id_rsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_dsa type -1
debug1: identity file /home/ricman/.ssh/id_dsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_ecdsa type -1
debug1: identity file /home/ricman/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ricman/.ssh/id_ed25519 type -1
debug1: identity file /home/ricman/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.8
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4p1 Raspbian-10+deb9u2
debug1: match: OpenSSH_7.4p1 Raspbian-10+deb9u2 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-sha1-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 06:6b:84:c5:ed:63:90:21:31:7b:b8:94:b0:20:f1:a6
debug1: Host '192.168.178.38' is known and matches the ECDSA host key.
debug1: Found key in /home/ricman/.ssh/known_hosts:52
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ricman/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/ricman/.ssh/id_dsa
debug1: Trying private key: /home/ricman/.ssh/id_ecdsa
debug1: Trying private key: /home/ricman/.ssh/id_ed25519
debug1: Next authentication method: password
pi@192.168.178.38's password: 
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
pi@192.168.178.38's password: 

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Wed Jan 03, 2018 7:44 am
by ricman
ok.
I think I have solved: this happen because I have a virus: Linux.MulDrop.14, that infects Raspberry Pi devices....

https://itsfoss.com/raspberry-pi-malware-threat/

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Wed Jan 03, 2018 9:43 am
by RaTTuS
^ probably,
as james said , reflash a new image
and never ever expose your RPi to the world via port forwarding unless you first disable the pi user or at least change it's password from the default

Re: Permission denied to the Rapsberry Pi (unable to do anything)

Posted: Thu Jan 04, 2018 9:49 am
by Juggernoud1
Thanks for all your help. I appreciate it.
I ordered a new Raspberry Pi with a new SC card. Not only for this issue but also to have a back up for my installation.

At the moment I am backing up all the files from my infected Raspberry pi with Ext2Read for the programs that are still on there (https://superuser.com/questions/465393/ ... on-windows)

Now I am trying to get these files back on my infected Raspberry Pi. I guess I first have to format that one and then putting everything back. But I want to be sure if the backupped files are done correctly and how to get them back into the right folders. I only found ways to save files instead of putting files back on the SD chard.

Does someone have an idea how to get this done?

Thanks for your help.
Kind regards,
Noud