Scan Backdoor di Website - Saat ini saya akan berbagi perihal script php yang barangkali bermanfaat bikin pertahanan situs kita. Script ini dapat menscan file2 yang ada di root yang di curigai atau punya potensi sebagai shell php code :
panggil url http://situsanda/scan.php
serta tinggal simak hasilnya
credit : MBT
simpan dengan nama scan.php atau terserah kamu dah
#!/usr/bin/php/** this script find some shell like* c99, c100, r57, erne, Safe_Over* and try to find some of unknow shell searching specific words this can be* not safe** how to use:* the script don't need no-one of these parameter thay are facoltative* -e Y/N enable disable eusristic mode (default is enable)* -p a number 1-100 , it's the percentual of word that must be find into the file to warm the euristic mode* -f check a single file* -d check a single dir (normaly the program is recursive chek ALL file )* powered by Dr. nefasto*/$euristic__ = array("fopen", "file(", "file_get_contents", "sql", "opendir", "perms","port", "eval", "system", "exec", "rename", "copy", "delete", "hack", "(\$_", "phpinfo","uname", "glob", "is_writable", "is_readable", "get_magic_quotes_gpc()","move_uploaded_file", "\$dir", "& 00", "get");$word__ = array("c99" => array("c999shexit();", "setcookie(\"c999sh_surl\");", "c999_buff_prepare();"),"c100" => array("\$back_connect_c=\"f0VMRgEBAQA", "function myshellexec(\$command) {", "tEY87ExcilDfgAMhwqM74s6o"),"r57" => array("if(strpos(ex(\"echo abcr57\"),\"r57\")!=3)", "function ex(\$cfe)", "\$port_bind_bd_c=\"I2luY2x1ZGUg"),"erne"=> array("function unix2DosTime(\$unixtime = 0)", "eh(\$errno, \$er", "\$mtime=@date(\"Y-m-d H:i:s\",@filemti"),"Safe_Over" => array("function walkArray(\$array){", "function printpagelink(\$a, \$b, \$link = \"\")", "if (\$cmd != \"downl\")"),"cmd_asp" => array(" ' -- Read th", "ll oFileSys.D", "Author: blackc0de crew"));//the script work$euristic_active = true;$euristic_sens = 40;for ($i = 1; $i < $argc; $i++){if ($argv[$i] == "-h")help($argv[0]);elseif($argv[$i] == "-e"){if ($argv[$i+1] == "Y") $euristic_active = true;if ($argv[$i+1] == "N") $euristic_active = false;}elseif($argv[$i] == "-p")$euristic_sens = $argv[$i+1];elseif($argv[$i] == "-d"){dir_scan($argv[$i+1]);exit;}elseif($argv[$i] == "-f"){a($argv[$i+1]);exit;}}dir_scan(".");function dir_scan($name){if (!is_dir($name))echo "$name is not a dir\n";if ($o = @opendir($name)){while(false !== ($file = readdir($o))){if ($file == '.' or $file == '..' or $file == basename(__file__)){ continue;}else if (is_dir($name."/".$file)){dir_scan($name."/".$file);}elsea($name."/".$file);}closedir($o);}elseecho "i can't open $name dir\n";}function a($file){global $euristic_active;global $euristic_sens;if ($l = file_get_contents($file)){if ( $shell = check($l)){echo "[DANGER] word_list > ".$file."\tprobably ".$shell." shell\n";}else if ($euristic_active)if ($t = check_euristic($l) and $t > $euristic_sens){echo "[_ALERT] euristic $t%> ".$file."\tprobably is a shell\n";}}else{echo "i can't open $file file\n";}}function check($string){$check = 0;global $word__;foreach($word__ as $shell => $code)foreach($code as $microcode)if (stripos($string, $microcode) !== false){$check ++;if ($check == 3) return $shell;}return false;}function check_euristic($string){global $euristic__;$check = 0;foreach($euristic__ as $code)if (stripos($string, $code) !== false)$check++;return intval(($check * 100) / count($euristic__));}function help($me){echo "Blackc0de shell scanner\n"."$me {-e [euristic method default = Y] Y/N -p [[0-100] euristic sensibility fewer == most feeble ] [-d [directory] / -f [file] ]}\n"."exemple: $me -e N -d /tmp\n";exit;}?>
panggil url http://situsanda/scan.php
serta tinggal simak hasilnya
credit : MBT
0 komentar:
Posting Komentar