http://www.secday.com/vdb/TT/WebShell/PHPShell-1.txt :)
On Tue, Feb 7, 2012 at 4:11 PM, Larry Pesce <[email protected]> wrote: > Adrian, et al: > > @Vyrus001 ([email protected]) took a crack at it and asked that I forward > this along to the group: > > "attached is your web shell mostly unpacked > > the other segmants are just base64'ed so if u want to see the imgs or > the src code examples u can look. Its a pretty lame shell overall, > upload / download, sql tools, a dll exploit priv esc, typical shell > utils, and a decent file grepper. I didn't bother to look at the > unprintables in the comments but yea, it's either .cn or .kr > > password is password" > > On 2/5/12 10:05 AM, Adrian Crenshaw wrote: >> Hi all, >> I found this little dingle berry hanging off a shared host box I >> control. Not 100% sure how it got there, and the damn logs don't go far >> enough back. I plan to have a coworker translate what I think is Chinese >> later. Figured I'd give it to you all to have analytical fun with. >> >> >> Adrian >> >> -- >> "The ability to quote is a serviceable substitute for wit." ~ W. >> Somerset Maugham >> >> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
