Date: Mon, 8 Aug 2022 08:18:05 +0200
Subject: extract password/hash from a piece of php malware


My question is not totally related to JtR. I've found a PHP webshell on a web site and I'm trying to de-obfuscate it and learn how it works on the attacker side. For reference, the file is
It's highly obfuscated and the only thing I've managed to do is access its GUI over a simple PHP web server (php -S localhost:8000, then curl). It's a JS-generated web page, all blank except for a single password field in the middle.
I'm pretty sure the password is hardcoded in the webshell file but I have absolutely no clue where it is and how to retrieve it.

Any idea?
