Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Doing a site fix after a file was uploaded through an exploit. After examining the file, discovered a script named “Syrian Shell”.
I found a version of it on pastebin: http://pastebin.com/raw.php?i=MWRJYFyZ
Does anyone know it’s core purpose? And how deep it can exploit the system?
I need to clean this particular server so if anyone has experience with it I appreciate your help. Thanks.
For all the weird kiddie hackers who are requesting to see the script, this paste is updated:
If your box is compromised, format it, and patch whatever security vulnerability was used in the first place. If you’re crying about formatting it, then you clearly don’t have a good server provisioning procedure in place. Next time, use standardized (automated) configurations and a configuration management system, like Puppet. Recreating a box doesn’t take me personally more than a few keystrokes due to the kickstart configurations and our configuration management server.