On Fri, 30 Sep 2022 02:50:59 -0700 (PDT),
Jayadev Adari <
jayadevadari8@gmail.com>, in <
bafbecfb-3343-41ae-8786-2b9aed4239cdn@googlegroups.com> wrote:
Hi All
Recently we have scanned our application for vulnerability points for hardening the environment , was encountered with vulnerability Malicious Application found ( root.exe and debug.cgi) .Though it was embedded with apache tomcat files I was unable
to find mentioned applications.
1)Were can I find Root.exe File and Debug.cgi File.
2)Can I remove this files or it should be there for running Apache Application.
Kindly help me
Thanks in Advance.
Depending on how you have set things up, I would go with
locate Root.exe
locate Debug.cgi
If you have locate (mlocate, plocate packages) installed. Perhaps you
may get a message to build the database of files.
If you don't have locate, then use find:
sudo find / -iname root.exe -print
sudo find / -iname debug.cgi
find search from a from a given directory, in this case /, and searches
the filesystem for files that match exactly, and then print out their exact location. When you find root.exe try this:
file root.exe
If my suspicions are correct, that will be windows exectable. debug.cgi
might be more of a concern. What you probably want to do is move them out
from where apache2 looks for its files and content. If you know more specifically where the apache files live, you can refine the search path
for the find commands.
For instance, debug.cgi might live in /usr/lib/cgi-bin
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)