New Horizons Get Schooled Blog

Use echo to confirm malicious activity without execution (PHP)

Posted on 4/18/18 2:02 PM by Get Schooled in echo

Hackers have all kinds of ways to infiltrate servers and gain unauthorized access to files. If you find PHP code from a suspect source, it’s worthwhile to investigate it further and in great detail. Hackers frequently employ a method called obfuscation to hide their malicious code in plain sight. The best preliminary way to begin evaluating the code is to highlight each kind of element differently so that the unusual code, such as string declarations and concatenations, begins to stand out. Once those are identified, use echo to follow the suspect functions down their rabbit hole.

For example, for a suspect ‘$ItemName’, add ‘echo $ItemName’ and note the function it reveals. Continue following the breadcrumbs with echo, even if the result is a huge mass of concatenations, until you reach the heart of the infiltration. This will reveal the depth of the hack and confirm the malicious activity without executing it.
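The echo-instead-of-execute step described above, as an added example that is not code from the original post. The sample variables, the `reveal` helper and the `PURE_TRANSFORMS` list are constructed for illustration; the encoded string holds only a harmless print statement.

```php
<?php
// Constructed sample, not from a real incident: a function name hidden by
// concatenation and an encoded string, the shape the post describes.
$a = 'ba' . 'se' . '64';
$b = '_de' . 'co' . 'de';
$ItemName = $a . $b;                                  // suspect variable
$blob = 'cHJpbnQoImNvbnN0cnVjdGVkIHNhbXBsZSIpOw==';   // suspect string

// The suspect file would have ended with:  eval($ItemName($blob));
// That line is replaced by the echo-based inspection below; eval() is never called.

// Allow-list (an assumption of this example): functions that only transform
// data, so calling them while peeling a layer does not run the hidden code.
const PURE_TRANSFORMS = ['base64_decode', 'str_rot13', 'strrev', 'urldecode', 'gzinflate'];

/**
 * Echo what a suspect "variable function" resolves to. If it is an available
 * pure transform, return the decoded text as data; otherwise report it and
 * return null without calling it.
 */
function reveal(string $fnName, string $data): ?string
{
    echo "resolved function name: ", $fnName, PHP_EOL;
    $allowed = in_array(strtolower($fnName), PURE_TRANSFORMS, true);
    if (!$allowed || !function_exists($fnName)) {
        echo "not on the allow-list (or not available), refusing to call it", PHP_EOL;
        return null;
    }
    $out = $fnName($data);
    return is_string($out) ? $out : null;   // decoders return false on bad input
}

$layer = reveal($ItemName, $blob);
if ($layer !== null) {
    // Print the next layer as text. When viewing through a web page instead of
    // the CLI, wrap it in htmlspecialchars() so the browser does not render it.
    echo "next layer (printed, not executed):", PHP_EOL, $layer, PHP_EOL;
}
```

Run it with the PHP command-line interpreter on an isolated analysis machine rather than on the affected web server. If the printed layer contains further concatenations or another encoded string, repeat the same step on that layer.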
