How to Detect WebShell?

YuanJiawj · Mar 3, 2016

Hi everyone! these days on a VPS with Linux i discovered a Webshell. i've used Linux Malware Detect and has not found any threat, i reviewed my files and I found several files encoded using .base64. there any way to detect files encoded using base64?

Thanks!

hjlbx · Mar 3, 2016

@Klipsh might know...

YuanJiawj · Mar 3, 2016

hjlbx said:
@Klipsh might know...

I hope he can read this...

hjlbx · Mar 3, 2016

Nitlott said:
I hope he can read this...

At least he can point you in the right direction...

@Nitlott

Did you upload the suspect files to Virus Total ?

LabZero · Mar 4, 2016

Nitlott said:
Hi everyone! these days on a VPS with Linux i discovered a Webshell. i've used Linux Malware Detect and has not found any threat, i reviewed my files and I found several files encoded using .base64. there any way to detect files encoded using base64?

Thanks!

Have you tried this ?

GitHub - emposha/PHP-Shell-Detector: Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%.

YuanJiawj · Mar 4, 2016

@hjlbx Hi again, Yes, but the detection is very low. VirusTotal 4/55 (AegisLab,Bkav,Kaspersky & Sophos)

YuanJiawj · Mar 4, 2016

@Klipsh I've used this tool but the file is not detected. I tried it on localhost and on my VPS and the file is not detected . It is difficult to find file by file manully, I think because this file is encoded

Search

How to Detect WebShell?

YuanJiawj

Level 12

hjlbx

YuanJiawj

Level 12

hjlbx

LabZero

YuanJiawj

Level 12

YuanJiawj

Level 12

Similar threads