git-learning-game / oh-my-git

An interactive Git learning game!
https://ohmygit.org

Received a security incident from a corporate security analysis tool #169

Open tshrinivasan opened 1 year ago

tshrinivasan commented 1 year ago

Received the below security incident report after I tried out oh-my-git on my laptop.

This detection identifies simple ‘perl’ based reverse shells using the ‘Socket’ module being passed to the command line. Malicious actors use this technique post compromise to deliver a shell from the compromised host back to their system so that additional system commands can be executed.

The command that was executed and reported was:

export HOME='/home/USERNAME/.local/share/Oh My Git/tmp/';export PATH='/home/USERNAME/.local/share/Oh My Git/tmp/:'"$PATH";cd '/home/USERNAME/.local/share/Oh My Git/tmp/' || exit 1;cat > 'fake-editor' <<'HEREHEREHERE'

====

Please check for the above issue. Maybe the words fake-editor and perl based reverse shell using socket are causing this.

Please check for these and add any notes in the README file.

Thanks for the great work.