c99 shell

Ideal place for discussions related to Linux/Windows server security, Apache, MySQL, MS SQL and PHP, including tutorials and questions.
hr-ethadmin
Site Admin
Posts: 67
Joined: Fri May 31, 2013 1:04 pm

c99 shell

Postby hr-ethadmin » Sat Jun 01, 2013 11:06 am

To find c99 shell use following command

find /home/ -name "*.php" -print | xargs egrep -l -i 'c99shell' >> /tmp/exploits.txt

It will generate result in /tmp/exploits.txt file.

SammieEG
Posts: 4
Joined: Thu May 30, 2013 12:49 pm

Re: c99 shell

Postby SammieEG » Sat Jun 01, 2013 11:31 am

Thanks for the sharing .. suppose attacker has change the c99.php shell name to other then what is the way to trace it .. your method is only working for c99 name .


Thanks,
Sammie

HR-ADMIN
Site Admin
Posts: 22
Joined: Sat Mar 16, 2013 9:54 pm

Re: c99 shell

Postby HR-ADMIN » Sat Jun 01, 2013 12:52 pm

Hello SammieEG ,

You can find other shell or attacker backdoor using Clam AV and Maldet .
Here you can find the steps to install Clam AV and Maldet :

Clam AV : http://hostripples.com/forum/viewtopic.php?f=22&t=141

Maldet : http://hostripples.com/forum/viewtopic.php?f=22&t=140



Thanks,
Hostripples - Leaders in Linux Hosting
http://www.hostripples.com

http://blog.hostripples.com
HostRipples | Domain Name Registration & $1 Web Hosting


Return to “System Security”

Who is online

Users browsing this forum: No registered users and 3 guests