Hacked by hydra. At wits end.

scatman98
Posts: 31
Joined: Fri Mar 30, 2018 12:56 am

Re: Hacked by hydra. At wits end.

#41 Post by scatman98 »

I have the wifi radio disabled in the BIOS, however the kernel update is installing drivers for it. Is this normal?

Code:

Building module:
Cleaning build area...
./dkms-make.sh...........................
Signing module /var/lib/dkms/8812au/5.13.6/build/8812au.ko
Cleaning build area...

8812au.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/6.1.0-29-amd64/updates/dkms/
depmod...
Sign command: /usr/lib/linux-kbuild-6.1/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module:
Cleaning build area...
make -j4 KERNELRELEASE=6.1.0-29-amd64 KVER=6.1.0-29-amd64....
Signing module /var/lib/dkms/broadcom-sta/6.30.223.271/build/wl.ko
Cleaning build area...

wl.ko:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/6.1.0-29-amd64/updates/dkms/
This is what I came across on the web about 8812au.ko:
One of the best chipsets that support monitor mode and packet injection for both 5Ghz and 2.4 Ghz frequencies is the RealTek RTL8812AU, this makes adapters with chipset ideal for hacking, the only problem is this chipset is not natively supported by Kali Linux, therefore we need to install its drivers first before
Previously, while using wired internet from a different ISP, I also found Linux kernel 6.10 installed on the system, which I had never installed. It did not show up in package managers but did show up while trying to update the live kernel.

DukeComposed
Posts: 1471
Joined: Thu Mar 16, 2023 1:57 pm

Re: Hacked by hydra. At wits end.

#42 Post by DukeComposed »

scatman98 wrote: Mon Jan 13, 2025 11:56 pm good shape, except for the cache poisoning of apps via mitm attacks when running updates
You keep using that word. I do not think it means what you think it means.

siamhie
Global Moderator
Posts: 3588
Joined: Fri Aug 20, 2021 5:45 pm

Re: Hacked by hydra. At wits end.

#43 Post by siamhie »

scatman98 wrote: Tue Jan 14, 2025 12:03 am I have the wifi radio disabled in the BIOS, however the kernel update is installing drivers for it. Is this normal?

Code:

Building module:
Cleaning build area...
./dkms-make.sh...........................
Signing module /var/lib/dkms/8812au/5.13.6/build/8812au.ko
Cleaning build area...

8812au.ko:
Yes, it is normal as long as you have that driver installed.
You can remove wifi drivers that your system doesn't use with MX Cleanup.

This is what I came across on the web about 8812au.ko:
One of the best chipsets that support monitor mode and packet injection for both 5Ghz and 2.4 Ghz frequencies is the RealTek RTL8812AU, this makes adapters with chipset ideal for hacking, the only problem is this chipset is not natively supported by Kali Linux, therefore we need to install its drivers first before

Where did you read this nonsense? The rtl8812au driver covers a lot of wifi devices. This is just a handful of them.
This is my Fluxbox . There are many others like it, but this one is mine. My Fluxbox is my best friend. It is my life.
I must master it as I must master my life. Without me, my Fluxbox is useless. Without my Fluxbox, I am useless.

Stevo
Developer
Posts: 14755
Joined: Fri Dec 15, 2006 7:07 pm

Re: Hacked by hydra. At wits end.

#44 Post by Stevo »

DukeComposed wrote: Tue Jan 14, 2025 12:23 am
scatman98 wrote: Mon Jan 13, 2025 11:56 pm good shape, except for the cache poisoning of apps via mitm attacks when running updates
You keep using that word. I do not think it means what you think it means.
Just movie quotes from now on.
MXPI = MX Package Installer
QSI = Quick System Info from menu
The MX Test repository is mostly backports; not the same as Debian testing

scatman98
Posts: 31
Joined: Fri Mar 30, 2018 12:56 am

Re: Hacked by hydra. At wits end.

#45 Post by scatman98 »

Well make of it what you will.
Here is the local IP rule set in the firewall to block the said IP, but it is flowing both ways without issue.
DNSSEC is set up.
One site I use, mattw.io, won't resolve while all other sites resolve. This screenshot is from Manjaro but the situation is the same on MX Linux.
[screenshot]

Nokkaelaein
Posts: 351
Joined: Fri Jul 17, 2020 10:32 am

Re: Hacked by hydra. At wits end.

#46 Post by Nokkaelaein »

scatman98 wrote: Tue Jan 14, 2025 12:03 am This is what I came across on the web about 8812au.ko:
One of the best chipsets that support monitor mode and packet injection for both 5Ghz and 2.4 Ghz frequencies is the RealTek RTL8812AU, this makes adapters with chipset ideal for hacking, the only problem is this chipset is not natively supported by Kali Linux, therefore we need to install its drivers first before
You are reading random stuff on the net and interpreting it in ways you do not have the technical qualifications for. That quote is from a so-called ethical hacker / penetration testing / security site advising how to install RTL8812AU support into Kali, saying RealTek RTL8812AU is ideal for hacking (as it supports monitor mode and packet injection in 5Ghz and 2.4 Ghz). Your quote doesn't mean it's an adapter that is ideal for an attacker to somehow hack into your computer when your computer has it. It means the writer wants to point out this adapter is good when used in wireless pentesting, i.e. they opine it's ideal when used for hacking.

At this point I think it's absolutely the most probable scenario that your exotic problems are all caused by the way you approach computing in general. You think of wild threats that are targeted at your system, then make dramatic adjustments to how your system works, without understanding how to do them, and as a result you break your system in various ways. Then you use that breakage as further proof that you have been attacked in various ways. It approaches actual paranoid thinking patterns. Note that your conceptions on several technical details have been corrected in this thread already, and even the title "Hacked by hydra" doesn't make any sense; you thought this was the case when merely seeing the package name "hydra", for a particular security tool, and reading it's got something to do with breaking passwords - and it turned out, even that package wasn't installed on your system. It's this same way of reacting to things and trying to "fix" them that gets you into problems in the first place.

DukeComposed
Posts: 1471
Joined: Thu Mar 16, 2023 1:57 pm

Re: Hacked by hydra. At wits end.

#47 Post by DukeComposed »

Nokkaelaein wrote: Tue Jan 14, 2025 7:42 am You think of wild threats that are targeted at your system, then make dramatic adjustments to how your system works, without understanding how to do them, and as a result you break your system in various ways. Then you use that breakage as further proof that you have been attacked in various ways. It approaches actual paranoid thinking patterns.
"Approaches" is a generous way to put it. Let's not forget this thread began as "I've been hacked/Network tools I haven't installed must be malware", "No wait that's just normal apt search output", "sudo must be doing something wrong/I need apt-transport-https because I don't know repos GPG sign their packages/My cache is poisoned", "A common wireless driver is an exploit vector" and (my personal favorite) "I install a VPN by literally piping a random script to sh".

Out of all of these, "curl https:// something.sh | sh" is by far the most dangerous and it's the one thing that wasn't even slightly questioned by OP. Terry Pratchett once wrote "They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance."[0] I think learning the difference between security tools and malware, and that some people depend on Linux being easily hackable/malleable/"able to be made to do fun and clever things" is a good takeaway here and we should leave it at that.

[0] Not a movie quote. Apologies, the only relevant movie quote that comes to mind right now is about Santa Claus, the Easter Bunny, and a $100 bill from Chasing Amy (1997) and it's NSFW.

Edit: typos
Last edited by DukeComposed on Tue Jan 14, 2025 9:46 am, edited 1 time in total.

Nokkaelaein
Posts: 351
Joined: Fri Jul 17, 2020 10:32 am

Re: Hacked by hydra. At wits end.

#48 Post by Nokkaelaein »

DukeComposed wrote: Tue Jan 14, 2025 9:14 am Out of all of these, "curl https:// something.sh | sh" is by far the most dangerous and it's the one thing that wasn't even slightly questioned by OP.
Agreed. When I saw that I was going to comment exactly this, then I figured it basically adds fuel to the fire, eh. But yes, so much ^ this. It's extremely telling that someone is so worried about very esoteric threats, convinced of being the victim of several different man-in-the-middle attacks, blabla, and then doesn't think twice about piping to sh straight from curl.
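The two posts above single out `curl https://... | sh` as the one genuinely dangerous habit in the thread. As an added illustration (not code from the thread or from MX Linux), this is the "download, verify, read, then run" alternative: the script lands in a file that can be checksummed against the vendor's published digest and read before anything executes. The URL and the expected hash are placeholders you replace with the vendor's values; `sha256sum`, `curl`, `file` and `less` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the forum thread. With `curl ... | sh` the bytes that
# run are never saved, so there is nothing to audit afterwards, and the server
# can hand a piping client different content than a browser sees. Saving the
# script to disk first removes both problems.
# Placeholders: the URL and expected digest below are not real vendor values.

# verify_script FILE EXPECTED_SHA256 -> returns 0 if the digest matches, 1 otherwise
verify_script() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected %s\n  got      %s\n' \
        "$file" "$expected" "$actual" >&2
    return 1
}

# fetch_verify_show URL EXPECTED_SHA256 OUTFILE
# Downloads to a file (never into sh), checks the digest, then opens the script
# for reading. It deliberately never executes the script itself.
fetch_verify_show() {
    url=$1
    expected=$2
    out=$3
    # -f: fail on HTTP errors; -L: follow redirects; -o: write to a file, not stdout
    curl -fsSL -o "$out" "$url" || return 1
    verify_script "$out" "$expected" || return 1
    # An installer script should be plain text; if `file` says otherwise, stop here.
    file "$out"
    less "$out"   # read it; run `sh "$out"` yourself only once you are satisfied
}

# Usage with placeholder values (replace with the vendor's published URL and digest):
# fetch_verify_show 'https://example.invalid/install.sh' \
#     '<sha256 published by the vendor>' "$HOME/Downloads/install.sh"
```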

siamhie
Global Moderator
Posts: 3588
Joined: Fri Aug 20, 2021 5:45 pm

Re: Hacked by hydra. At wits end.

#49 Post by siamhie »

Stevo wrote: Mon Jan 13, 2025 12:28 pm Captain America was pretty good at fighting Hydra...
So was Phil Coulson (Agents of S.H.I.E.L.D.).

DukeComposed
Posts: 1471
Joined: Thu Mar 16, 2023 1:57 pm

Re: Hacked by hydra. At wits end.

#50 Post by DukeComposed »

Nokkaelaein wrote: Tue Jan 14, 2025 9:32 am It's extremely telling that someone is so worried about very esoteric threats, convinced of being the victim of several different man-in-the-middle attacks, blabla, and then doesn't think twice about piping to sh straight from curl.
My favorite anecdote about this is Etienne Millon, who wrote a blog post called "On the curl | sh pattern" in 2014 and linked to a dedicated, era-obligatory Tumblr page he'd created just to name and shame the installers that do this.
