New Horizons Get Schooled Blog

Use echo to confirm malicious activity without execution (PHP)


Hackers have all kinds of ways to infiltrate servers and access files without authorization. If you find PHP code from a suspect source, it is worth investigating further and in great detail. Hackers frequently use a method called obfuscation to hide their malicious code in plain sight. The best preliminary way to begin evaluating the code is to highlight each kind of element differently so that the unusual code, such as string declarations and concatenations, begins to stand out. Once those are identified, use echo to follow the suspect functions down their rabbit hole.

For example, for a suspect ‘$ItemName’, add ‘echo $ItemName’ and note the function it reveals. Continue following the breadcrumbs with echo, even if the result is a huge mass of concatenations, until you reach the heart of the infiltration. This reveals the depth of the hack and confirms the malicious activity without executing it.
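The walk described above, as an added example that is not code from the original post: a constructed two-layer sample whose hidden payload is a harmless print statement, peeled with echo and never passed to eval. Apart from $ItemName, every name here ($Wrapper, $blob, SAFE_DECODERS, peel) is hypothetical, and the decoder allowlist is an assumption.

```php
<?php
// Added illustration. Everything here is constructed; the hidden payload is a harmless print.
// Run from the CLI on an isolated analysis machine.

// Build a two-layer sample so the layers are known in advance.
$payload = 'print "constructed marker";';
$layer1  = 'eval(base64_decode("' . base64_encode($payload) . '"));';
$blob    = base64_encode(strrev($layer1));

// The kind of lines the post says to look for: names assembled by concatenation.
$ItemName = 'ba' . 'se' . (8 * 8) . '_' . 'de' . 'code';
$Wrapper  = 'st' . 'rr' . 'ev';
// The sample's final line would be: eval($Wrapper($ItemName($blob)));
// It is deliberately left out; nothing below ever calls eval.

// Pure string transforms that are safe to call once echo has revealed them (assumed list).
const SAFE_DECODERS = ['base64_decode', 'strrev', 'str_rot13', 'urldecode', 'hex2bin'];

// Echo the name a variable hides, and call it only if it is a known decoder.
function peel(string $fn, string $arg): string
{
    echo "revealed function: $fn", PHP_EOL;
    if (!in_array($fn, SAFE_DECODERS, true)) {
        throw new RuntimeException("not a plain decoder, inspect by hand: $fn");
    }
    return $fn($arg);
}

// Follow the breadcrumbs: decode, echo, and repeat while another wrapped layer appears.
$text = peel($Wrapper, peel($ItemName, $blob));
$next = '/^eval\(base64_decode\("([A-Za-z0-9+\/=]+)"\)\);$/';
while (preg_match($next, $text, $m)) {
    echo "layer: $text", PHP_EOL;
    $text = peel('base64_decode', $m[1]);
}
echo "innermost code (echoed, not run): $text", PHP_EOL;
```

If peel() throws, the revealed name is something other than a string decoder and should be read by hand rather than called.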

Posted on 4/18/18 2:02 PM by Get Schooled in echo


Written by Get Schooled
