User Tools

Site Tools


phpshell_scanner

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revision Both sides next revision
phpshell_scanner [2010/09/13 17:21]
k2patel
phpshell_scanner [2011/02/12 02:45]
k2patel
Line 18: Line 18:
        my $score = grep (/​function_exists\(|phpinfo\(|safe_?​mode|shell_exec\(|popen\(|passthru\(|system\(|myshellexec\(|exec\(|getpwuid\(|getgrgid ​ \(|fileperms\(/​i,​@file);​        my $score = grep (/​function_exists\(|phpinfo\(|safe_?​mode|shell_exec\(|popen\(|passthru\(|system\(|myshellexec\(|exec\(|getpwuid\(|getgrgid ​ \(|fileperms\(/​i,​@file);​
        #​probably evil stuffs        #​probably evil stuffs
-       my $tempscore = grep(/​\`\$\_(post|request|get).{0,​20}\`|(include|require|eval|system|passthru|shell_exec).{0,​10}\$\_(post|request|get)|eval.{0,​10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|PHPShell|KaMeLeOn|S4T|tryag|sniper|noexecshell|\/​etc\/​passwd|revengans/​i,​ @file);+       my $tempscore = grep(/​\`\$\_(post|request|get).{0,​20}\`|(include|require|eval|system|passthru|shell_exec).{0,​10}\$\_(post|request|get)|eval.{0,​10}base64_decode|back_connect|backdoor|r57|PHPJackal|PhpSpy|GiX|Fx29SheLL|w4ck1ng|milw0rm|PhpShell|k1r4|FeeLCoMz|FaTaLisTiCz|Ve_cENxShell|UnixOn|C99madShell|Spamfordz|Locus7s|c100|c99|x2300|cgitelnet|webadmin|STUNSHELL|Pr!v8|PHPShell|KaMeLeOn|S4T|oRb|tryag|sniper|noexecshell|\/​etc\/​passwd|revengans/​i,​ @file);
        ​$score +=  50 *  $tempscore;        ​$score +=  50 *  $tempscore;
        print "​$score - Possible backdoor : $File::​Find::​name\n"​ if ($score > $sens-1 );        print "​$score - Possible backdoor : $File::​Find::​name\n"​ if ($score > $sens-1 );
Line 28: Line 28:
   }   }
 } }
- 
 </​code>​ </​code>​
  
Line 41: Line 40:
  
 <code text> <code text>
-for i in `ls /​srv/​www/​htdocs/​; do perl findshell.pl 10 $i >> scanout.txt ; done+for i in /​srv/​www/​htdocs/​ ; do perl findshell.pl 10 $i >> scanout.txt ; done
 </​code>​ </​code>​
phpshell_scanner.txt ยท Last modified: 2020/08/10 02:35 (external edit)