Vulnerability Insecure Deployment: Malicious Application found ( root.exe and debug.cgi)
Jayadev Adari
2022-09-30 09:50:59 UTC
Hi All

Recently we scanned our application for vulnerabilities in order to harden the environment, and encountered the vulnerability "Malicious Application found (root.exe and debug.cgi)". Though it was embedded with Apache Tomcat files, I was unable to find the mentioned applications.

1) Where can I find the Root.exe file and the Debug.cgi file?
2) Can I remove these files, or should they be there for running the Apache application?

Kindly help me

Thanks in Advance.
I R A Darth Aggie
2022-09-30 19:15:11 UTC
On Fri, 30 Sep 2022 02:50:59 -0700 (PDT),
Post by Jayadev Adari
Hi All
Recently we scanned our application for vulnerabilities in order to harden the environment, and encountered the vulnerability "Malicious Application found (root.exe and debug.cgi)". Though it was embedded with Apache Tomcat files, I was unable to find the mentioned applications.
1) Where can I find the Root.exe file and the Debug.cgi file?
2) Can I remove these files, or should they be there for running the Apache application?
Kindly help me
Thanks in Advance.
Depending on how you have set things up, I would go with

locate Root.exe
locate Debug.cgi

If you have locate (mlocate, plocate packages) installed. Perhaps you
may get a message to build the database of files.

If you don't have locate, then use find:

sudo find / -iname root.exe -print
sudo find / -iname debug.cgi

find searches from a given directory, in this case /, and searches
the filesystem for files that match exactly, and then prints out their exact
location. When you find root.exe try this:

file root.exe

If my suspicions are correct, that will be a Windows executable. debug.cgi
might be more of a concern. What you probably want to do is move them out
from where apache2 looks for its files and content. If you know more
specifically where the apache files live, you can refine the search path
for the find commands.

For instance, debug.cgi might live in /usr/lib/cgi-bin
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
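
The search and identify steps from the reply above, combined into one pass, as an added example that is not part of the original thread: it matches both names case-insensitively and prints the mode, SHA-256 and `file` type for each hit. The function names are hypothetical and the directories you pass are assumptions about where your Apache/Tomcat content lives.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Pass the directories your Apache/Tomcat install serves from (assumption:
# you know or can guess them, e.g. the cgi-bin path named in the reply).

# Emit one tab-separated record per match: path, mode, sha256, file type.
scan_flagged() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -iname matches Root.exe, ROOT.EXE, Debug.cgi, ... in a single pass.
        find "$dir" -type f \( -iname 'root.exe' -o -iname 'debug.cgi' \) 2>/dev/null |
        while IFS= read -r path; do
            mode=$(ls -ld -- "$path" | cut -c1-10)
            if command -v sha256sum >/dev/null 2>&1; then
                sum=$(sha256sum -- "$path" | cut -d' ' -f1)
            else
                sum="n/a"
            fi
            if command -v file >/dev/null 2>&1; then
                kind=$(file -b -- "$path")
            else
                kind="n/a"
            fi
            printf '%s\t%s\t%s\t%s\n' "$path" "$mode" "$sum" "$kind"
        done
    done
}

# Number of matches under the given directories.
count_flagged() {
    scan_flagged "$@" | wc -l | tr -d ' '
}

# Stand-alone use: sh scan.sh /usr/lib/cgi-bin /path/to/tomcat/webapps
if [ "$#" -gt 0 ]; then
    scan_flagged "$@"
fi
```

An empty result for every content directory is worth recording alongside the scanner report, since it shows the flagged names are not present on disk in the places that were searched.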