-=Explore The World From Our Binary=-
 
HomeIndeksPendaftaranLogin

Share | 
 

 Scan file-file Backdoor di situs sendiri

Topik sebelumnya Topik selanjutnya Go down 
PengirimMessage
Black.exe
Global Mod
Global Mod
avatar

Jumlah posting : 844
Points : 1491
Reputation : 44
Join date : 08.01.11
Age : 28

PostSubyek: Scan file-file Backdoor di situs sendiri   Sun Feb 26, 2012 10:51 pm

kali ini ane mau share tentang script php yang mungkin berguna buat pertahanan situs kita ...

script ini akan menscan file2 yang ada di root yang di curigai atau berpotensi sebagai shell

PHP Code:

Code:
===========================================================
#!/usr/bin/php
<?php
/*
*    this script find some shell like
*    c99, c100, r57, erne, Safe_Over
*    and try to find some of unknow shell searching specific words this can be
*    not safe
*
*      how to use:
*      the script don't need no-one of these parameter thay are facoltative
*      -e Y/N enable disable eusristic mode (default is enable)
*      -p a number 1-100 , it's the percentual of word that must be find into the file to warm the euristic mode
*      -f check a single file
*    -d check a single dir (normaly the program is recursive chek ALL file )
*        powered by Dr. nefasto
*/
$euristic__ = array("fopen", "file(", "file_get_contents", "sql", "opendir", "perms",

"port", "eval", "system", "exec", "rename", "copy", "delete", "hack", "(\$_", "phpinfo",

"uname", "glob", "is_writable", "is_readable", "get_magic_quotes_gpc()",

"move_uploaded_file", "\$dir", "& 00", "get");
$word__ = array(
            "c99" => array("c999shexit();", "setcookie(\"c999sh_surl\");", "c999_buff_prepare();"),
            "c100" => array("\$back_connect_c=\"f0VMRgEBAQA", "function myshellexec(\$command) {", "tEY87ExcilDfgAMhwqM74s6o"),
            "r57" => array("if(strpos(ex(\"echo abcr57\"),\"r57\")!=3)", "function ex(\$cfe)", "\$port_bind_bd_c=\"I2luY2x1ZGUg"),
            "erne"=> array("function unix2DosTime(\$unixtime = 0)", "eh(\$errno, \$er", "\$mtime=@date(\"Y-m-d H:i:s\",@filemti"),
            "Safe_Over" => array("function walkArray(\$array){", "function printpagelink(\$a, \$b, \$link = \"\")", "if (\$cmd != \"downl\")"),
            "cmd_asp" => array("  ' -- Read th", "ll oFileSys.D", "Author: Maceo")
        );
//the script work
$euristic_active = true;
$euristic_sens = 40;
for ($i = 1; $i < $argc; $i++)
{
    if ($argv[$i] == "-h")
        help($argv[0]);
    elseif($argv[$i] == "-e")
    {
        if ($argv[$i+1] == "Y") $euristic_active = true;
        if ($argv[$i+1] == "N") $euristic_active = false;
    }
    elseif($argv[$i] == "-p")
        $euristic_sens = $argv[$i+1];
    elseif($argv[$i] == "-d")
    {
        dir_scan($argv[$i+1]);   
        exit;
    }
    elseif($argv[$i] == "-f")
    {
        a($argv[$i+1]);   
        exit;
    }
}
dir_scan(".");
function dir_scan($name)
{
    if (!is_dir($name))
        echo "$name is not a dir\n";
    if ($o = @opendir($name))
    {
        while(false !== ($file = readdir($o)))
        {
            if ($file == '.' or $file == '..' or $file == basename(__file__)){    continue;}
            else if (is_dir($name."/".$file)){dir_scan($name."/".$file);}
            else
                a($name."/".$file);
        }
        closedir($o);
    }
    else
        echo "i can't open $name dir\n";
}
function a($file)
{
    global $euristic_active;
    global $euristic_sens;
    if ($l = file_get_contents($file))
    {
        if ( $shell = check($l))
        {
            echo "[DANGER] word_list > ".$file."\tprobably ".$shell." shell\n";
        }
        else if ($euristic_active)
            if ($t = check_euristic($l)  and $t > $euristic_sens)
            {   
                echo "[_ALERT] euristic $t%> ".$file."\tprobably is a shell\n";
            }
    }
    else
    {
        echo "i can't open $file file\n";
    }
}
function check($string)
{
    $check = 0;
    global $word__;
    foreach($word__ as $shell => $code)
        foreach($code as $microcode)
            if (stripos($string, $microcode) !== false)
            {
                $check ++;
                if ($check == 3) return $shell;
            }
    return false;
}
function check_euristic($string)
{
    global $euristic__;
    $check = 0;
    foreach($euristic__ as $code)
        if (stripos($string, $code) !== false)
            $check++;
    return intval(($check * 100) / count($euristic__));
}
function help($me)
{
    echo    "indonesianhacker shell scanner\n".
        "$me {-e [euristic method default = Y] Y/N  -p [[0-100] euristic sensibility fewer == most feeble ]  [-d [directory] / -f [file] ]}\n".
        "exemple: $me -e N -d /tmp\n"
        ;
    exit;
}
?>
===========================================================



simpan dengan nama scanshell.php atau terserah ente dah

panggil url nah ... [You must be registered and logged in to see this link.]

ntar tinggal liat hasilnyah....

nb : berfungsi pada folder di mana dia ditempatkan... dan tidak jalan pada server windows...
Kembali Ke Atas Go down
zer03s!!!
Administrator
Administrator
avatar

Jumlah posting : 2471
Points : 4119
Reputation : 113
Join date : 13.12.10
Age : 25
Lokasi : /home/root/blackc0de

PostSubyek: Re: Scan file-file Backdoor di situs sendiri   Sun Feb 26, 2012 10:56 pm

wah thx om, sangat membantu.... :sukro:
Kembali Ke Atas Go down
http://zer03s.blog.com/
digitalcat
BC Security
BC Security
avatar

Jumlah posting : 451
Points : 710
Reputation : 28
Join date : 31.10.11
Age : 35

PostSubyek: Re: Scan file-file Backdoor di situs sendiri   Tue Feb 28, 2012 7:46 am

Keren bro
Kembali Ke Atas Go down
tetsuya
Administrator
Administrator
avatar

Jumlah posting : 2455
Points : 3019
Reputation : 85
Join date : 06.02.11
Age : 27
Lokasi : bumiayu

PostSubyek: Re: Scan file-file Backdoor di situs sendiri   Tue Feb 28, 2012 8:08 am

sedot kk
Kembali Ke Atas Go down
http://aljinet.blogspot.com
robofics
VIP Member
VIP Member
avatar

Jumlah posting : 709
Points : 804
Reputation : 20
Join date : 22.12.11
Lokasi : /dev/null

PostSubyek: Re: Scan file-file Backdoor di situs sendiri   Mon Mar 19, 2012 9:57 am

ajib ini kk..nais share
Kembali Ke Atas Go down
http://robofics.wordpress.com
M4x007
larva
larva
avatar

Jumlah posting : 286
Points : 297
Reputation : 5
Join date : 01.09.11
Age : 26
Lokasi : Sukalarang, Sukabumi

PostSubyek: Re: Scan file-file Backdoor di situs sendiri   Mon Mar 19, 2012 3:14 pm

muantapp gan . di cobain dulu gan
Kembali Ke Atas Go down
http://www.sukabumihackerlink.blogspot.com
Sponsored content




PostSubyek: Re: Scan file-file Backdoor di situs sendiri   

Kembali Ke Atas Go down
 
Scan file-file Backdoor di situs sendiri
Topik sebelumnya Topik selanjutnya Kembali Ke Atas 
Halaman 1 dari 1
 Similar topics
-
» Di Tunggu Gear Mentahan (respon Faster Plis...)
» ASK cara ganti filter oli sendiri...
» kuras radiator sendiri
» bikin stnk baru sendiri
» (ask) mesin lagi jalan bisa mati sendiri??

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Security-
Navigasi: