Timeline for Running Linux commands execute hidden command to regenerate Backdoor
Current License: CC BY-SA 4.0
5 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 17, 2024 at 22:57 | comment | added | Dany Burgos | @cutrightjm I'm doing this as an exercise, my server is already offline and I'm interested to know how /usr/bin can be linked or injected with other commands. I was looking into injecting binary files, it seems that's a possible way to have the same result, but I still can't catch the injected code inside my server files. | |
| Jan 14, 2024 at 12:33 | comment | added | A.B | See also the usual SF Q/A about this: serverfault.com/questions/218005/… | |
| Jan 14, 2024 at 2:18 | comment | added | cutrightjm | If you're doing this merely as an academic exercise, it's fine to proceed, but if you are trying to recover the webserver it will need to be restored from a backup or rebuilt. That they were able to modify files in /usr/bin implies you are running the webserver as root, so there isn't a good way to ensure the server is safe again. | |
| S Jan 14, 2024 at 1:59 | review | First questions | |||
| Jan 15, 2024 at 22:11 | |||||
| S Jan 14, 2024 at 1:59 | history | asked | Dany Burgos | CC BY-SA 4.0 |