I found this code on a hacked site, what does it do exactly? It appears to mess with some file permissions, how can it allow an attacker entry?
Well, this isn’t that evil… Are you sure this is the ‘hacked’ part?
As you can see the bottom few lines are commented out, so they don’t do anything. The only ‘active’ code lines are:
The system() function executes a command on the server itself. So you have to look to the commands given, which are unix commands:
The first line says: change the file permissions recursively (everything in this working directory, including its children) to modus 744 (all-read-read).
The second line finds all directories in the current working directory and changes the modus to 755, which is in fact standard for directories (and equivalent to chmod +X -R ./*, when executed directly after the first command).
To be honest, I don’t see any harm done, as directories get the standard permissions, files only some extra permissions for the owner of the file. It would be dangerous when also group and world would get all permissions…
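An added example, not part of the original answer or of the code found on the site: a read-only shell audit for the permission state the answer describes (files 744, directories 755) that also flags the group- or world-writable case the answer calls dangerous. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample tree are constructed.

# Print one finding per line as "<CLASS> <path>" for everything under $1.
audit_tree() {
    root=$1
    # Mode 744 leaves the owner-execute bit on every regular file,
    # including uploads and data files that never need it.
    find "$root" -type f -perm -100 -print | sed 's/^/OWNER_EXEC /'
    # The case the answer calls dangerous: write access for group or world.
    find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/GROUP_OR_WORLD_WRITE /'
    # After the second command every directory should be exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR_NOT_755 /'
}

# Build a throwaway tree in the state the answer describes and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/site/uploads"
    printf '<?php // constructed sample\n' > "$d/site/index.php"
    printf 'x' > "$d/site/uploads/a.jpg"
    printf 'x' > "$d/site/uploads/shared.txt"
    find "$d/site" -type f -exec chmod 744 {} +
    find "$d/site" -type d -exec chmod 755 {} +
    # One constructed outlier so the dangerous class has something to report.
    chmod 666 "$d/site/uploads/shared.txt"
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_tree "$sample/site"
rm -rf "$sample"
```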