User Tools

Site Tools

Trace: compromise
compromise

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
compromise [2018/10/12 12:56] – created luke7858compromise [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 4: Line 4:
 \\ \\
 The best thing to do is give you an example: The best thing to do is give you an example:
 +<sxh bash> # cat /tmp/example.pl </sxh>
 <code> <code>
-# cat /tmp/example.pl  
 #!/usr/bin/perl #!/usr/bin/perl
  
Line 24: Line 24:
 \\ \\
 \\ \\
-You can check the PID of the process and it's exe location to find out if it's suspicious or not. This "apache" process should have a location with apache in the name, NOT perl:+You can check the PID of the process and it's exe location to find out if it's suspicious or not. This "apache" process should have a binary location with apache in the name, NOT perl:
 <sxh bash> <sxh bash>
 [root@lll-new ~]# ll /proc/29923/exe  [root@lll-new ~]# ll /proc/29923/exe 
compromise.1539348964.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki