Home Page › Forums › Network Management › ZeroShell › Vulnerability and compromised profiles (Zeroshell<3.0.0) › Reply To: Vulnerability and compromised profiles (Zeroshell<3.0.0)
January 29, 2014 at 12:28 pm
#53148
Member
@aseques wrote:
Other than that, could someone explain how to identify the traces of the exploits intalled?
Check manually. Connect to SFTP and watch the files in subfolders in /DB
Run through the SSH command ps -ax and see if there is anything running from /DB whether subfolders.
PS Access SFTP can include changing the shell. Connect to SSH and run chsh, enter /bin/bash
PS2 Return shell back chsh and enter /root/kerbynet.cgi/scripts/localman or simply reboot zeroshell router.