12 Jan 2006 jc   » (Master)

Earlier today someone uploaded a php shell to one of my web servers. Luckily there was no possible way for them to get it to run.

The shell seems to be called ashshell and written by Erisim Engellendi. From browsing the source it seems pretty full featured. Looks like it even includes functions to access and dump running mysql databases. Maybe I'll run it just to see what it does.... then again maybe not.

A google search on some identifying strings don't seem to turn up any information (at least not in english).

Seems like someone in the security field would be interested in collecting shells like this one, but maybe they are too common to bother collecting now?

I will probably forget that I have it by tommorow and that will be the end of it.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!