c99 shell

Ideal place for discussions related to Linux/Windows server security, Apache, MySQL, MS SQL and PHP, including tutorials and questions.
Site Admin
Posts: 67
Joined: Fri May 31, 2013 1:04 pm

c99 shell

Postby hr-ethadmin » Sat Jun 01, 2013 11:06 am

To find c99 shell use following command

find /home/ -name "*.php" -print | xargs egrep -l -i 'c99shell' >> /tmp/exploits.txt

It will generate result in /tmp/exploits.txt file.

Posts: 4
Joined: Thu May 30, 2013 12:49 pm

Re: c99 shell

Postby SammieEG » Sat Jun 01, 2013 11:31 am

Thanks for the sharing .. suppose attacker has change the c99.php shell name to other then what is the way to trace it .. your method is only working for c99 name .


Site Admin
Posts: 22
Joined: Sat Mar 16, 2013 9:54 pm

Re: c99 shell

Postby HR-ADMIN » Sat Jun 01, 2013 12:52 pm

Hello SammieEG ,

You can find other shell or attacker backdoor using Clam AV and Maldet .
Here you can find the steps to install Clam AV and Maldet :

Clam AV : http://hostripples.com/forum/viewtopic.php?f=22&t=141

Maldet : http://hostripples.com/forum/viewtopic.php?f=22&t=140

Hostripples - Leaders in Linux Hosting

HostRipples | Domain Name Registration & $1 Web Hosting

Return to “System Security”

Who is online

Users browsing this forum: No registered users and 1 guest