cybervanz Administrator
Jumlah posting : 12 Join date : 24.02.11 Age : 26 Lokasi : Di depan Laptop
| Subyek: Backdoor Checker Sun Feb 27, 2011 3:21 am | |
| tERTARIK ? Silahkan sedot... :* - Code:
-
#!/usr/bin/php <?php /* * this script find some shell like * c99, c100, r57, erne, Safe_Over * and try to find some of unknow shell searching specific words this can be * not safe * * how to use: * the script don't need no-one of these parameter thay are facoltative * -e Y/N enable disable eusristic mode (default is enable) * -p a number 1-100 , it's the percentual of word that must be find into the file to warm the euristic mode * -f check a single file * -d check a single dir (normaly the program is recursive chek ALL file ) * powered by Dr. nefasto */ $euristic__ = array("fopen", "file(", "file_get_contents", "sql", "opendir", "perms", "port", "eval", "system", "exec", "rename", "copy", "delete", "hack", "(\$_", "phpinfo", "uname", "glob", "is_writable", "is_readable", "get_magic_quotes_gpc()", "move_uploaded_file", "\$dir", "& 00", "get"); $word__ = array( "c99" => array("c999shexit();", "setcookie("c999sh_surl");", "c999_buff_prepare();"), "c100" => array("\$back_connect_c="f0VMRgEBAQA", "function myshellexec(\$command) {", "tEY87ExcilDfgAMhwqM74s6o"), "r57" => array("if(strpos(ex("echo abcr57"),"r57")!=3)", "function ex(\$cfe)", "\$port_bind_bd_c="I2luY2x1ZGUg"), "erne"=> array("function unix2DosTime(\$unixtime = 0)", "eh(\$errno, \$er", "\$mtime=@date("Y-m-d H:i:s",@filemti"), "Safe_Over" => array("function walkArray(\$array){", "function printpagelink(\$a, \$b, \$link = "")", "if (\$cmd != "downl")"), "cmd_asp" => array(" ' -- Read th", "ll oFileSys.D", "Author: Maceo") ); //the script work $euristic_active = true; $euristic_sens = 40; for ($i = 1; $i < $argc; $i++) { if ($argv[$i] == "-h") help($argv[0]); elseif($argv[$i] == "-e") { if ($argv[$i+1] == "Y") $euristic_active = true; if ($argv[$i+1] == "N") $euristic_active = false; } elseif($argv[$i] == "-p") $euristic_sens = $argv[$i+1]; elseif($argv[$i] == "-d") { dir_scan($argv[$i+1]); exit; } elseif($argv[$i] == "-f") { a($argv[$i+1]); exit; } } dir_scan("."); function dir_scan($name) { if (!is_dir($name)) echo "$name is not a dir\n"; if ($o = @opendir($name)) { while(false !== ($file = readdir($o))) { if ($file == '.' or $file == '..' or $file == basename(__file__)){ continue;} else if (is_dir($name."/".$file)){dir_scan($name."/".$file);} else a($name."/".$file); } closedir($o); } else echo "i can't open $name dir\n"; } function a($file) { global $euristic_active; global $euristic_sens; if ($l = file_get_contents($file)) { if ( $shell = check($l)) { echo "[DANGER] word_list > ".$file."\tprobably ".$shell." shell\n"; } else if ($euristic_active) if ($t = check_euristic($l) and $t > $euristic_sens) { echo "[_ALERT] euristic $t%> ".$file."\tprobably is a shell\n"; } } else { echo "i can't open $file file\n"; } } function check($string) { $check = 0; global $word__; foreach($word__ as $shell => $code) foreach($code as $microcode) if (stripos($string, $microcode) !== false) { $check ++; if ($check == 3) return $shell; } return false; } function check_euristic($string) { global $euristic__; $check = 0; foreach($euristic__ as $code) if (stripos($string, $code) !== false) $check++; return intval(($check * 100) / count($euristic__)); } function help($me) { echo "indonesianhacker shell scanner\n". "$me {-e [euristic method default = Y] Y/N -p [[0-100] euristic sensibility fewer == most feeble ] [-d [directory] / -f [file] ]}\n". "exemple: $me -e N -d /tmp\n" ; exit; } ?>
| |
|