@fresher_06 said: Has anybody heard about PHP backdoors such as c99, c99madshell, r57?
The command below gives me lots of files, especially in the tinymce folder:
grep -iR 'c99' /var/www/
Comments
your borked!
Birchtreelane.com Antiques, Gifts and more!
That's something I hate when I find it in my shared hosting :p Have you taken a look at the code of the files? Try to decrypt it; if it's indeed a backdoor, remove it.
Last time someone hacked my blog and put a backdoor in, I just deleted the file, created a new file with the same name, and mocked the hacker.
C99 is most likely a shell hack.
Birchtreelane.com Antiques, Gifts and more!
Yeah, it's definitely a shell hack.
I'd be sure to check he didn't inject other backdoors into your scripts as well. If he was a smart hacker, he'd most likely have embedded another backdoor somewhere else in your site.
Link: madirish.net/241
My shared hosting got compromised once, was a shitty experience.
I use http://tuxlite.com to configure all my VPSes and I love it!
I have a separate folder, "phpshells". :3
http://raymii.org - Quis custodiet ipsos custodes? -- @joepie91 said: I have always been a pain in the ass about the security for pretty much anything, and will continue to do so here. - Need a VPS Control Panel?
Take a look at the files to see what kind of code is in them.
Also have a look for files containing 'eval' or 'base64', especially in the TinyMCE folders. While both of those functions have legitimate functions, they're often signs of trouble.
Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
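Added example (not part of the thread or any poster's code): the two searches discussed above, run against a constructed webroot. It shows why `grep -iR 'c99'` is noisy in TinyMCE folders and what a narrower eval-plus-decoder search returns instead. The file names, the extension list and the decoder list are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. All sample files below are constructed.

# Naive search from the thread: counts every file that contains "c99" anywhere.
naive_hits() {
    grep -ilR 'c99' "$1" | wc -l | tr -d ' '
}

# Targeted search: PHP-like files where eval() directly wraps a decoder call.
# Prints "file:line:text" per hit; grep exiting 1 (no match) is not an error.
scan_webroot() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.inc' \) \
        -exec grep -HnEi \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(' \
        {} + || :
}

# Build a small constructed webroot to run both searches against.
make_sample() {
    mkdir -p "$1/tinymce/plugins/media" "$1/tinymce/skins"
    # Legitimate stylesheet: "c99" appears only as part of a colour value.
    printf '.mceButton { border: 1px solid #c99; }\n' > "$1/tinymce/skins/ui.css"
    # Legitimate PHP: base64 used to embed an image, no eval.
    printf '<?php echo base64_encode(file_get_contents("logo.png")); // ref c99 ticket\n' \
        > "$1/tinymce/plugins/media/thumb.php"
    # Suspicious pattern (harmless payload: decodes to "echo 1;").
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' \
        > "$1/tinymce/plugins/media/cache.php"
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_sample "$tmp"
    echo "files matching 'c99': $(naive_hits "$tmp")"
    scan_webroot "$tmp"
    rm -rf "$tmp"
fi
```

Run with `--demo` to build the sample tree and print both results. A hit is a lead for manual review, not proof, and code that hides the function names behind string tricks will not match this pattern.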
Shaer l00t pl0x //HF-mode
I use http://tuxlite.com to configure all my VPSes and I love it!
I think you took the wrong turn at the WJunction :)
Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
C99 is not a shell hack, it's a hack tool created to make a symlink and root a server.
The ones you want to worry about are auto-symlink because they symlink on run; if you have freebsd, there is an exploit on it to gain root access.
Sigh, so much misinformation.
C99 is a "PHP shell" - its purpose is to allow an attacker that is able to somehow upload the 'shell', to run arbitrary commands, browse the filesystem, etc.
Some variants of C99 (and there are many) will include exploits, tools for symlinking things, or other nasty stuff. It really just depends on what variant you have on there. Either way, it's most definitely malicious and you'll want to get rid of it.
What does symlinking have to do with rooting a server?
Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
If you create a symlink you can then exploit freebsd.
Do you even know what a symlink is? Or FreeBSD (freedsb? wut), for that matter?
Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
Lol typo :P.
The matter of fact is I do know what it is, I can give you a detailed guide how to do it if you want.
Or you didn't know that it's called FreeBSD? You made the mistake twice out of two attempts, suggesting poor knowledge rather than a typo. GG.
http://www.vpn.sh - Secure and affordable VPN services
Clearly you cannot comprehend typo?
Clearly you have no reading comprehension?
Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
Oh wow.
http://www.vpn.sh - Secure and affordable VPN services
What are you talking about, he's a seasoned HF skid :P (Waits for website to get DDoSd)
I think you'd be better off at hf. But still, looking at the code of those things, a lot have some kind of phone-home system. Better know what you might be up against.
Maybe @joepie91 is on his period.
http://raymii.org - Quis custodiet ipsos custodes? -- @joepie91 said: I have always been a pain in the ass about the security for pretty much anything, and will continue to do so here. - Need a VPS Control Panel?
@raymii lol in wss just trollin a bit, I know what they do :)
I use http://tuxlite.com to configure all my VPSes and I love it!
Every server admin needs a copy of a C99 variant.
Up it to your own space as a normal user and try to root yourself.
It is just another pentesting tool, you can use it for good or for not-so-good.
How would you even go about finding a reliable and safe copy of something like this? Would you have to frequent childish 1337 h4x0r f0rumz?