
Untitled

a guest
Feb 20th, 2020
  1. NESSUS root@server:/var/www/webXX/htdocs/shops/kunde/tbtest # strace -e trace=%file -tfq -s 255 $(for i in $(ps auxf | grep webXX | awk '{ print $2 }'); do echo -n "-p $i "; done)
  2. strace: attach: ptrace(PTRACE_SEIZE, 25686): No such process
  3. [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde/tbtest/tb.php", {st_mode=S_IFREG|0644, st_size=634, ...}) = 0
  4. [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde/tbtest", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  5. [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops/kunde", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  6. [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs/shops", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  7. [pid 32631] 14:26:16 lstat("/var/www/webXX/htdocs", {st_mode=S_IFDIR|0750, st_size=4096, ...}) = 0
  8. [pid 32631] 14:26:16 lstat("/var/www/webXX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  9. [pid 32631] 14:26:16 lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  10. [pid 32631] 14:26:16 lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  11. [pid 32631] 14:26:16 stat("/", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  12. [pid 32631] 14:26:16 getcwd("/var/www/webXX/conf/php56", 4096) = 26
  13. [pid 32631] 14:26:16 lstat("/var/www/webXX/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
  14. [pid 32631] 14:26:16 lstat("/var/www/webXX", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  15. [pid 32631] 14:26:16 lstat("/var/www", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  16. [pid 32631] 14:26:16 lstat("/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  17. [pid 32631] 14:26:16 openat(AT_FDCWD, "/var/www/webXX/tmp/phpZ4qi9c", O_RDWR|O_CREAT|O_EXCL, 0600) = 5
  18. [pid 32631] 14:26:16 stat("/usr/lib/liveconfig/uploadscan.sh", {st_mode=S_IFREG|0755, st_size=1614, ...}) = 0
  19. [pid 32631] 14:26:16 access("/usr/lib/liveconfig/uploadscan.sh", R_OK|X_OK) = 0
  20. [pid 25691] 14:26:16 execve("/bin/sh", ["sh", "-c", "/usr/lib/liveconfig/uploadscan.sh /var/www/webXX/tmp/phpZ4qi9c 2>&1"], 0x7ffd4db7ad08 /* 6 vars */) = 0
  21. [pid 25691] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  22. [pid 25691] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  23. [pid 25691] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  24. [pid 25691] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  25. [pid 25691] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  26. [pid 25692] 14:26:16 execve("/usr/lib/liveconfig/uploadscan.sh", ["/usr/lib/liveconfig/uploadscan.sh", "/var/www/webXX/tmp/phpZ4qi9c"], 0x560a95492c70 /* 6 vars */) = 0
  27. [pid 25692] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  28. [pid 25692] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  29. [pid 25692] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  30. [pid 25692] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  31. [pid 25692] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  32. [pid 25692] 14:26:16 openat(AT_FDCWD, "/usr/lib/liveconfig/uploadscan.sh", O_RDONLY) = 3
  33. [pid 25693] 14:26:16 openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
  34. [pid 25693] 14:26:16 stat("/usr/bin/pidof", 0x7ffc6200f0e0) = -1 ENOENT (No such file or directory)
  35. [pid 25693] 14:26:16 stat("/bin/pidof", {st_mode=S_IFREG|0755, st_size=27248, ...}) = 0
  36. [pid 25693] 14:26:16 execve("/bin/pidof", ["pidof", "clamd"], 0x55f4b1d4ec88 /* 6 vars */) = 0
  37. [pid 25693] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  38. [pid 25693] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  39. [pid 25693] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  40. ....
  41. [pid 25695] 14:26:16 openat(AT_FDCWD, "/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
  42. [pid 25695] 14:26:16 stat("/usr/bin/which", {st_mode=S_IFREG|0755, st_size=946, ...}) = 0
  43. [pid 25695] 14:26:16 execve("/usr/bin/which", ["which", "clamdscan"], 0x55f4b28b5b80 /* 6 vars */) = 0
  44. [pid 25695] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  45. [pid 25695] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  46. [pid 25695] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  47. [pid 25695] 14:26:16 stat("/var/www/webXX/conf/php56", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  48. [pid 25695] 14:26:16 stat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
  49. [pid 25695] 14:26:16 openat(AT_FDCWD, "/usr/bin/which", O_RDONLY) = 3
  50. [pid 25695] 14:26:16 stat("/usr/bin/clamdscan", {st_mode=S_IFREG|0755, st_size=233424, ...}) = 0
  51. [pid 25695] 14:26:16 faccessat(AT_FDCWD, "/usr/bin/clamdscan", X_OK) = 0
  52. [pid 25695] 14:26:16 +++ exited with 0 +++
  53. [pid 25692] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25695, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
  54. [pid 25692] 14:26:16 faccessat(AT_FDCWD, "/usr/bin/clamdscan", X_OK) = 0
  55. [pid 25696] 14:26:16 execve("/usr/bin/clamdscan", ["/usr/bin/clamdscan", "--fdpass", "--infected", "--no-summary", "/var/www/webXX/tmp/phpZ4qi9c"], 0x55f4b28b5c18 /* 6 vars */) = 0
  56. [pid 25696] 14:26:16 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
  57. [pid 25696] 14:26:16 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
  58. [pid 25696] 14:26:16 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", O_RDONLY|O_CLOEXEC) = 3
  59. [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
  60. [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
  61. [pid 25696] 14:26:16 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
  62. [pid 25696] 14:26:16 openat(AT_FDCWD, "/etc/clamav/clamd.conf", O_RDONLY) = 3
  63. [pid 25696] 14:26:16 lstat("/var/www/webXX/tmp/phpZ4qi9c", {st_mode=S_IFREG|0600, st_size=78317, ...}) = 0
  64. [pid 25696] 14:26:16 openat(AT_FDCWD, "/var/www/webXX/tmp/phpZ4qi9c", O_RDONLY) = 5
  65. [pid 25696] 14:26:16 +++ exited with 2 +++
  66. [pid 25692] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25696, si_uid=20080, si_status=2, si_utime=0, si_stime=0} ---
  67. [pid 25692] 14:26:16 +++ exited with 0 +++
  68. [pid 25691] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25692, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
  69. [pid 25691] 14:26:16 +++ exited with 0 +++
  70. [pid 32631] 14:26:16 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=25691, si_uid=20080, si_status=0, si_utime=0, si_stime=0} ---
  71. [pid 32631] 14:26:16 unlink("/var/www/webXX/tmp/phpZ4qi9c") = 0
  72. [pid 32631] 14:26:16 getcwd("/var/www/webXX/conf/php56", 4095) = 26
  73. [pid 32631] 14:26:16 chdir("/var/www/webXX/htdocs/shops/kunde/tbtest") = 0
  74. [pid 32631] 14:26:16 stat("/var/www/webXX/htdocs/shops/kunde/tbtest/tb.php", {st_mode=S_IFREG|0644, st_size=634, ...}) = 0
  75. [pid 32631] 14:26:16 chdir("/var/www/webXX/conf/php56") = 0