Vulnerability Insecure Deployment: Malicious Application found ( root.exe and debug.cgi)

Newsgroups: comp.infosystems.www.servers.unix
Date: Fri, 30 Sep 2022 02:50:59 -0700 (PDT)
Message-ID: <bafbecfb-3343-41ae-8786-2b9aed4239cdn@googlegroups.com>
Subject: Vulnerability Insecure Deployment: Malicious Application found (
root.exe and debug.cgi)
From: jayadeva...@gmail.com (Jayadev Adari)
 by: Jayadev Adari - Fri, 30 Sep 2022 09:50 UTC

Hi All

Recently we scanned our application for vulnerability points to harden the environment, and encountered the vulnerability "Malicious Application found (root.exe and debug.cgi)". Though it was embedded with Apache Tomcat files, I was unable to find the mentioned applications.

1) Where can I find the Root.exe file and the Debug.cgi file?
2) Can I remove these files, or should they be there for running the Apache application?

Kindly help me

Thanks in Advance.

Re: Vulnerability Insecure Deployment: Malicious Application found ( root.exe and debug.cgi)

From: n0b...@invalid.invalid (I R A Darth Aggie)
Newsgroups: comp.infosystems.www.servers.unix
Subject: Re: Vulnerability Insecure Deployment: Malicious Application found
( root.exe and debug.cgi)
Date: Fri, 30 Sep 2022 19:15:11 -0000 (UTC)
Organization: Texas A&M University - North Florida
Lines: 46
Message-ID: <slrntjeg1v.9g2t.n0b0dy@invalid.invalid>
References: <bafbecfb-3343-41ae-8786-2b9aed4239cdn@googlegroups.com>
 by: I R A Darth Aggie - Fri, 30 Sep 2022 19:15 UTC

On Fri, 30 Sep 2022 02:50:59 -0700 (PDT),
Jayadev Adari <jayadevadari8@gmail.com>, in
<bafbecfb-3343-41ae-8786-2b9aed4239cdn@googlegroups.com> wrote:
> Hi All
>
> Recently we scanned our application for vulnerability points to harden the environment, and encountered the vulnerability "Malicious Application found (root.exe and debug.cgi)". Though it was embedded with Apache Tomcat files, I was unable to find the mentioned applications.
>
> 1) Where can I find the Root.exe file and the Debug.cgi file?
> 2) Can I remove these files, or should they be there for running the Apache application?
>
> Kindly help me
>
> Thanks in Advance.

Depending on how you have set things up, I would go with

locate -i root.exe
locate -i debug.cgi

If you have locate (mlocate, plocate packages) installed. Perhaps you
may get a message to build the database of files.

If you don't have locate, then use find:

sudo find / -iname root.exe -print
sudo find / -iname debug.cgi

find searches from a given directory, in this case /, and searches
the filesystem for files that match exactly, and then prints out their exact
location. When you find root.exe, try this:

file root.exe

If my suspicions are correct, that will be a Windows executable. debug.cgi
might be more of a concern. What you probably want to do is move them out
from where apache2 looks for its files and content. If you know more
specifically where the apache files live, you can refine the search path
for the find commands.

For instance, debug.cgi might live in /usr/lib/cgi-bin

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
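
The search-then-move procedure from the reply above, written out as an added example that is not part of either post: it looks for the two names from the scanner finding under the served directories, records evidence for each hit, and moves a hit out of the web tree. The function names and the quarantine directory are assumptions of this sketch, and `-iname`/`-xdev` assume GNU or BSD find.

```shell
#!/bin/sh
# Names taken from the scanner finding discussed in the thread.
SUSPECT_NAMES="root.exe debug.cgi"

# find_suspects DIR...
# Print every regular file or symlink under the given directories whose
# name matches a suspect name, ignoring case (Root.exe, DEBUG.CGI, ...).
find_suspects() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for name in $SUSPECT_NAMES; do
            # -xdev: stay on this filesystem (skips /proc, network mounts)
            find "$dir" -xdev \( -type f -o -type l \) -iname "$name" -print 2>/dev/null
        done
    done
}

# describe_suspect PATH
# Evidence to record before touching the file: owner, mode, mtime, hash, type.
describe_suspect() {
    ls -ld -- "$1"
    if command -v sha256sum >/dev/null 2>&1; then sha256sum -- "$1"; fi
    if command -v file >/dev/null 2>&1; then file -- "$1"; fi
}

# quarantine_suspect PATH QDIR   (QDIR is a hypothetical private directory)
# Move the file out of the served tree, keep its original path in the new
# name, and clear its permission bits so it can no longer be executed.
quarantine_suspect() {
    src=$1 qdir=$2
    mkdir -p -- "$qdir" && chmod 700 -- "$qdir" || return 1
    dest="$qdir/$(printf '%s' "$src" | tr '/' '_')"
    mv -- "$src" "$dest" || return 1
    # chmod follows symlinks, so leave a moved link's target alone
    [ -L "$dest" ] || chmod 000 -- "$dest"
    printf '%s\n' "$dest"
}

# Stand-alone use (report only): sh triage.sh /usr/lib/cgi-bin /var/www
if [ "$#" -gt 0 ]; then
    find_suspects "$@" | while IFS= read -r hit; do describe_suspect "$hit"; done
fi
```

Recording the hash and timestamps before the move keeps the evidence needed to work out how the file arrived; whether removal is safe still depends on whether anything in the deployment references it.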
