Currently #analyzing a multistage payload #Wordpress malware that is being #emailed to site owners at the moment as a fix for a #cve ... basically it ends up creating a #remoteshell with root privs and has some utils to dump out #mysql, #postgre and #mssql #databases, among other things.
I'm amazed that they have not obfuscated this harder. The main script that is the WordPress plugin has some mangled function names; the payloads are just base64 and zlib, and those files are not mangled.
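The post notes that the staged payloads are only wrapped in base64 and zlib. For analysts triaging a similar sample, here is an added example (not code from the post, and not the malware itself) that statically peels alternating base64/zlib layers without executing anything. The sample blob is constructed inline from a harmless marker string; the layer cap, the order of the decode attempts, and the `validate=True` strictness are choices of this example, not something the post specifies.

```python
import base64
import binascii
import zlib

# Constructed sample: a harmless marker string wrapped in two
# base64(zlib(...)) layers, standing in for the kind of staged blob
# described in the post. It is NOT a real malware sample.
SAMPLE_INNER = b"<?php echo 'stage-2 marker'; ?>"
SAMPLE_BLOB = base64.b64encode(zlib.compress(
    base64.b64encode(zlib.compress(SAMPLE_INNER))
))


def _try_b64(data: bytes):
    """Return decoded bytes if data is strict base64, else None."""
    stripped = b"".join(data.split())  # tolerate line-wrapped blobs
    if not stripped:
        return None
    try:
        return base64.b64decode(stripped, validate=True)
    except (binascii.Error, ValueError):
        return None


def _try_zlib(data: bytes):
    """Return inflated bytes if data is a zlib stream, else None."""
    try:
        return zlib.decompress(data)
    except zlib.error:
        return None


def peel_layers(blob: bytes, max_layers: int = 16):
    """Statically unwrap alternating zlib / base64 layers.

    Returns (final_bytes, layers), where layers lists the transforms
    undone from the outside in. Nothing decoded is ever evaluated;
    max_layers bounds the loop so a decompression bomb or a string
    that happens to be valid base64 cannot spin forever.
    """
    data = blob
    layers = []
    for _ in range(max_layers):
        inflated = _try_zlib(data)
        if inflated is not None:
            layers.append("zlib")
            data = inflated
            continue
        decoded = _try_b64(data)
        if decoded is not None and decoded != data:
            layers.append("base64")
            data = decoded
            continue
        break  # neither transform applies: we have reached the payload
    return data, layers


if __name__ == "__main__":
    payload, layers = peel_layers(SAMPLE_BLOB)
    print("layers:", " -> ".join(layers))
    print("payload:", payload.decode("utf-8", errors="replace"))
```

Run the decoded bytes through your normal static review (string and URL extraction, hashing, YARA) rather than any PHP interpreter; the point of peeling the layers offline is to see what the stage does without giving it a chance to run.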