11/8/2022
Filezilla malware 2017

To see timestamps in action, we can use an FTP client like FileZilla and view files’ modified time. We can use the ‘ls’ command on Linux with some choice switches (man ls) to view the times. Or we can use the ‘stat’ command to see every timestamp and more. Here we can see the file was accessed, modified, and changed around 2:30 pm. Depending on the system, the stat command may show birth, or creation, time, though it’s not standard across systems.

Now let’s edit the file and run the ‘stat’ command again.

Size: 5 Blocks: 8 IO Block: 4096 regular file

Here you can see the two seconds it took to access, edit, and save the file. So we’ve seen how editing a file changes timestamps.

How can we change the timestamp without editing the file? One way is to use the ‘touch’ command, which changes the timestamps and leaves the file contents intact. All three timestamps were changed and the file size stayed the same.

Now the important question, how could a bad actor change timestamps of malicious files written or uploaded to a compromised site to hide them? If an adversary had command line access – and let’s hope they don’t – they could use a custom touch command to define a timestamp more in line with existing files on the system. Using the ‘man touch’ command, we see there’s a ‘-t’ switch which takes a single argument of a timestamp of our choosing. Let’s change the timestamp of our file to something more festive, say Halloween from last year. Two of them, access and modify, changed to our haunting time.
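
One way to spot the backdating described above, as an added example that is not from the original post: ‘touch -t’ can set the access and modify times but not the change time, so a file whose modify time is much older than its change time deserves a look. The function names, the one-day threshold and the scratch files are assumptions, and ‘stat -c’ assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: flag files whose modify time is far older than their change time.
# touch -t rewrites atime and mtime, but the kernel sets ctime to "now".
# Assumes GNU coreutils stat (-c format); BSD/macOS stat uses different flags.

# mtime_ctime_gap FILE -> prints ctime minus mtime, in seconds
mtime_ctime_gap() {
    m=$(stat -c '%Y' "$1") || return 1   # modify time, epoch seconds
    c=$(stat -c '%Z' "$1") || return 1   # change time, epoch seconds
    echo $((c - m))
}

# is_backdated FILE [THRESHOLD] -> exit 0 if the gap exceeds THRESHOLD seconds
is_backdated() {
    gap=$(mtime_ctime_gap "$1") || return 2
    [ "$gap" -gt "${2:-86400}" ]
}

# scan_dir DIR [THRESHOLD] -> print gap and path of each suspect regular file
scan_dir() {
    find "$1" -type f | while IFS= read -r f; do
        if is_backdated "$f" "${2:-86400}"; then
            printf '%s\t%s\n' "$(mtime_ctime_gap "$f")" "$f"
        fi
    done
}

# Constructed demo in a scratch directory: one normal file, one backdated file.
demo() {
    d=$(mktemp -d) || return 1
    echo test > "$d/normal.php"
    echo test > "$d/haunted.php"
    touch -t 202110310000 "$d/haunted.php"   # constructed timestamp: a past Halloween
    scan_dir "$d"                            # lists only haunted.php
    rm -rf "$d"
}

demo
```

A large gap is a lead, not proof: chmod, chown, renames and archive extraction that preserves modify times also move the change time forward on legitimate files.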