Hey, I decided to write this simple guide to protect all of those who run a web server and don't want to get rm -rf /'ed by somebody with access to a PHP shell on their server.
Method 1:
The first way is by using a *nix command. This command will only work if you're on a *nix system. If you're on Windows, remove it and install *nix.
The command you want to execute is:
find /var/www -name "*".php -type f -print0 | xargs -0 grep r57 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq
This will search /var/www for any .php file that contains the string r57. It then sorts the results with sort -u, which does a unique sort, and cut strips the matched line of code so only the file name is left. If you want to search for a disguised file, such as a shell saved as a .gif file, use:
find /var/www -name "*".gif -type f -print0 | xargs -0 grep r57 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq
Also, you can take out the
awk '{print "rm -rf " $2}'
pipe. All it does is put "rm -rf" in front of each file name, so that you can save the output into a file and run it to remove the files.
If you want to search for c99 you may have to change it, but in my experience this command works fine for finding all shells on a system. But you may want to search for other popular things within a shell. Here is a list of some popular things I've seen:
shell
0wned
owned
hacker
h4cker
was here
modded
Command execute
Safe-Mode Bypass
Safe-Mode:
Kernel:
Here is the example output from my local apache server that has a whole folder of PHP shells:
chronic@vandal:~$ find /var/www -name "*".php -type f -print0 | xargs -0 grep r57 | uniq -c | sort -u | cut -d":" -f1 | awk '{print "rm -rf " $2}' | uniq
rm -rf /var/www/temp/c99.php
rm -rf /var/www/temp/GNYshell.php
rm -rf /var/www/temp/php_listers/c99u.php
rm -rf /var/www/temp/php_listers/safe0ver.php
rm -rf /var/www/temp/php_listers/sniper.php
rm -rf /var/www/temp/r57.php
rm -rf /var/www/temp/c99.php
Easy. Found all but 3 PHP shells located in /var/www
Then you may proceed to remove the shells.
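An added example, not part of the original post: a listing-only version of the search above that checks every file under the web root regardless of extension (so a shell saved as .gif is covered), tolerates spaces in file names, and prints match counts for review instead of rm commands. The function name scan_webroot and the subset of signature strings are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Lists files that contain known PHP-shell strings; it never deletes anything.

# Subset of the strings listed in the post, one per line. Generic words such
# as "shell" or "hacker" are left out here because they match ordinary code.
SHELL_SIGNATURES='r57
c99
0wned
h4cker
Safe-Mode Bypass
Command execute'

# scan_webroot DIR
# Prints "<matching lines><TAB><path>" for every regular file under DIR that
# contains at least one signature, highest count first.
# A hit is a lead for manual review, not proof that the file is a shell.
scan_webroot() {
    # find hands the file names straight to the inner sh, so names with
    # spaces or colons survive (names containing newlines are not handled).
    find "$1" -type f -exec sh -c '
        sigs=$1; shift
        for f in "$@"; do
            # -a  read binary files as text (PHP hidden inside an image)
            # -i  ignore case   -F  fixed strings, newline-separated list
            # -c  print the number of matching lines
            n=$(grep -aciF -e "$sigs" -- "$f")
            if [ "${n:-0}" -gt 0 ]; then
                printf "%s\t%s\n" "$n" "$f"
            fi
        done' sh "$SHELL_SIGNATURES" {} + | sort -rn
}

# Run against a directory when one is given on the command line,
# for example: sh scan.sh /var/www
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
fi
```

Review each listed file, and keep a copy for later analysis, before removing anything.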
Method 2:
The second way is by looking through the log files. Log files are usually located in
/var/log
The apache log should be in /var/log/apache2/ with the name of access.log
If you look at the log you can get a detailed report of what is going on. Take this log for example from my system:
::1 - - [06/Feb/2011:16:34:39 -0500] "GET /GNYshell.php?file=%2Fetc%2Fpasswd HTTP/1.1" 200 6147 "http://localhost/GNYshell.php?act=cmd" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13"
The first field, ::1, is my IP (the local IP in this case). Then come the date and the method used, in this case GET. Then we see the most vital piece of info, the page being accessed. Note the
?file=%2Fetc%2Fpasswd
This should be a red flag that this file is a shell. It may not be named GNYshell on your server; it may be named something unsuspicious such as post.php. Then we have some other info, such as the referrer, in this case http://localhost/GNYshell.php?act=cmd
From this you know who was accessing the shell, where the shell is, etc.
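An added example, not part of the original post: triage of an access log in the combined format shown above, counting requests per client and script whose query string carries a path-like parameter value (such as %2Fetc%2Fpasswd) or act=cmd in the URL or referrer. The two patterns generalize from the single log line in the post and are assumptions; the function names and the extra log lines are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post).

# sample_log: the log line from the post plus constructed lines
# (documentation IP ranges, hypothetical script names).
sample_log() {
    cat <<'EOF'
::1 - - [06/Feb/2011:16:34:39 -0500] "GET /GNYshell.php?file=%2Fetc%2Fpasswd HTTP/1.1" 200 6147 "http://localhost/GNYshell.php?act=cmd" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.04 (lucid) Firefox/3.6.13"
203.0.113.7 - - [06/Feb/2011:16:40:02 -0500] "GET /post.php?act=cmd HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [06/Feb/2011:16:40:09 -0500] "POST /post.php?act=cmd HTTP/1.1" 200 700 "http://example.test/post.php?act=cmd" "Mozilla/5.0"
198.51.100.4 - - [06/Feb/2011:16:41:00 -0500] "GET /index.php?page=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.4 - - [06/Feb/2011:16:41:30 -0500] "GET /search.php?q=shoes&sort=price HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
EOF
}

# flag_shell_requests [FILE...]
# Reads combined-format access log lines (from FILE or stdin) and prints
# "<hits><TAB><client><TAB><script><TAB><reasons>", busiest pair first.
# Fields used: $1 client, $7 requested URL, $11 referrer.
flag_shell_requests() {
    awk '
    {
        url = $7; ref = $11
        script = url; sub(/\?.*/, "", script)      # drop the query string
        key = $1 "\t" script
        # A parameter whose value starts with "/" or its encoding "%2F"
        path = (tolower(url) ~ /[?&][^=&]*=(%2f|\/)/)
        # The command action seen in the URL or in the referrer
        cmd = (url ~ /[?&]act=cmd/ || ref ~ /[?&]act=cmd/)
        if (!path && !cmd) next
        hits[key]++
        if (path) p[key] = 1
        if (cmd)  c[key] = 1
    }
    END {
        for (k in hits) {
            why = ""
            if (k in p) why = "path-param"
            if (k in c) why = why (why == "" ? "" : ",") "act=cmd"
            printf "%d\t%s\t%s\n", hits[k], k, why
        }
    }' "$@" | sort -rn
}

# Stand-alone demonstration on the sample lines above.
sample_log | flag_shell_requests
```

On a real server, pass the log path instead, for example flag_shell_requests /var/log/apache2/access.log, then inspect each reported script on disk.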
Hope this was useful to you and you can use it to help secure your server.
Monday, 25 July 2011
Monday, 4 July 2011
World's first 111 Giga Pixel Picture
The picture was made with the Canon 5D mark II and a 400mm-lens.
It consists of 1.665 full format pictures with 21.4 mega pixel, which were
recorded by a photo-robot in 172 minutes. The converting of 102 GB raw
data by a computer with a main memory cache of 48 GB and 16 processors took
94 hours. The picture is the largest in the world.
Zoom in to see any particular building/object.
Sevilla111.com
Javascript is a very cool language that helps make sites even more dynamic...
I want to show you simple and cool javascript tricks
For each code, copy and paste it into your browser url
1st: This hack will ONLY affect your computer but it's still very cool...
Copy this in your browser:
javascript: document.body.contentEditable = 'true'; document.designMode = 'on'; void 0
2nd: This hack will make the image on this page DANCE:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0);
lock your computer in 2 seconds
Very useful when you have to leave your system on for some time and you have to go some where else...
Right click on an empty area of the desktop and choose 'new' then 'shortcut.' The create shortcut wizard will open. In the
first text box, type '%windir%\System32\rundll32.exe user32.dll,LockWorkStation' and then give your shortcut an
appropriate name on the next page, and hit 'finish.'
You will notice that the shortcut you created has a blank icon. To select a more appropriate one, right click on the
shortcut and hit 'properties.' In the 'shortcut' tab, click the 'change icon' button.
Or else you can simply press "Windows key + L" to lock your computer.
Protect you against google robots trace
Guys, with this engine you can protect your searches against Google robots that can trace your history and store it for 26 years. Yes, you heard right. So you can use the link below for your mysterious activities :LOL: Try it now... enjoy.
https://ssl.scroogle.org/
Security Vendor Removal Tools
Stinger & AVERT Tools
http://vil.nai.com/vil/averttools.asp
Pqremove Panda Quick Remover
http://www.pandasoftware.com/download/utilities/
Avast Cleaner Tools
http://download.cnet.com/Avast-Virus-Cle...?tag=mncol
AVG New Remover Tool
I-Worm/Bagle, I-Worm/Bugbear, I-Worm/Netsky, I-Worm/Sasser, PSW.Bispy, I-Worm/Zafi.A,B
http://www.grisoft.com/us/us_index.php
AVG Specialized Virus Removal Utilities
http://www.grisoft.com/us/us_ts_removers.php
Bitdefender Removal Tools
http://www.bitdefender.com/html/free_tools.php
Kaspersky Virus Removal Tools
http://www.kaspersky.com/removaltools.html
Symantec Removal Tools
http://www.sarc.com/avcenter/tools.list.html
http://www.symantec.com/business/securit...ltools.jsp
F-Secure Removal Tools
http://www.f-secure.com/en_EMEA/security...val-tools/
Panda Removal Tools
http://www.pandasecurity.com/homeusers/d...utilities/
Sophos Removal Tools
http://www.sophos.com/support/disinfection/
eTrust Antivirus Tools & Utilities
http://www.ca.com/us/securityadvisor/new...?cid=40387
Avira Removal Tool
http://majorgeeks.com/AVIRA_Removal_Tool...d4771.html
Misc.
Sophos Conflicker Removal Tool
http://www.sophos.com/products/free-tool...-tool.html
VundoFix
http://vundofix.atribune.org/
AIMfix
http://www.jayloden.com/aimfix.htm
ViewPoint Killer
http://www.spywareinfoforum.com/index.ph...ointKiller
MSBlast Remover
http://majorgeeks.com/MSBlast_Remover_d3970.html
Run Software Trials forever! and legally.
So we have Adobe Photoshop, InDesign, Dreamweaver and lots and loads of software people die for. CHIP has given away software trials for some really great software! I would have wished to run them forever! What to do? I do not have thousands to spend on software, and when there are so many and such great ones?
Do not worry. There is an elegant, simple and LEGAL way to run your software trials for as long as you wish. Now of course nothing comes for free, so you will have to pay for it with some time after the software expires each time.
Actually what you need to do is:
1> Install a virtualizer. A very good and free virtualizer is VirtualBox. (Google for it)
2> Now after installation, take a snapshot of the Virtual Machine on which it is installed. Make sure that the software trial you want to use for long is NOT INSTALLED at that time.
3> Install the software trial in the virtual machine.
4> When the software trial period expires, just save the files you created with that software onto the REAL SYSTEM (not the virtual machine).
5> Revert back to the snapshot you had taken in the beginning. You will see that the software is not present in the virtual machine. Actually it is the same state of the machine as when its snapshot was saved.
6> Now install the software once again and transfer the software files (the ones you had created previously) into the virtual machine.
You can repeat the above process and make the TRIAL software work forever! Just that you have to reinstall the software each time it expires.
In this way, you are not using any cracks, are not in danger of violating any policies, and are free of any malware and viruses they might have come with (if any)!
Google Secrets
--------------------------------------------------------------------------------
method 1
www.google.com
put this string in google search:
"parent directory " /appz/ -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " DVDRip -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory "Xvid -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Gamez -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " MP3 -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
"parent directory " Name of Singer or album -xxx -html -htm -php -shtml -opendivx -md5 -md5sums
Notice that i am only changing the word after the parent directory, change it to what you want and you will get a lot of stuff.
voila!
method 2
www.google.com
put this string in google search:
?intitle:index.of? mp3
You only need add the name of the song/artist/singer.
Example: ?intitle:index.of? mp3 jackson
How to play with notepad [10 Awesome Notepad Tricks]
Notepad is the default text editor in the Microsoft Windows OS. Many people prefer alternatives to notepad such as Notepad++, but did you know that notepad can do much more than just view and edit text? In fact, I'll teach you how to make a fake virus using notepad so that you can fool your friends.
Here are some awesome trick you can do with notepad…..
1. Log Diary Trick
Have you ever wanted to make your own diary on your computer ? Why not try notepad..

- Open notepad
- Type .LOG
- Save the file as LOG.txt

2. The 4335 Rule
This trick may not work on all computers
This has been surprising users for quite some time. When you enter a few secret codes, notepad hides them.
- Open notepad and type in BUSH HID THE FACTS
- Close notepad and open it again to see the magic
The same happens with "this app can break".
3. Open a file using notepad
Here is a simple trick to open any file or program with notepad.
Open notepad and type the following:
Start path of file
Then save the file as Shortcut.bat
Please note that the file type should be kept as ALL FILES while saving it as a .bat file.
Change path of file with your actual file path. For example if you have a file called run with an extension .exe in the folder TEST in C:\ drive, then your path should be something like this: C:\TEST\run.exe
If you want to open some complicated programs such as Firefox, then use this code:
START /d "path of folder" program.extension
Change path of folder with the actual path of the folder, and put the name of the program with its extension. For example, if you have a file called run with an extension of .exe in the folder TEST in C:\ drive, then your code should be something like this: START /d "C:\TEST" run.exe
4. Make Questions
Want to make something interactive ? Need to make questions ? Here is an example of a question made with notepad where the user got the answer correct.

To do this, just type the following code in notepad.
@ECHO OFF
ECHO:
ECHO ………………………………………..
ECHO PRESS 1 or 2 to select your task, or 3 to EXIT.
ECHO ………………………………………..
ECHO.
ECHO 1 – This info was given by Fun PC Life
ECHO 2 – This info was not given by Fun PC Life
ECHO 3 – EXIT
ECHO.
SET /P M=Type 1, 2, or 3, then press ENTER:
echo:
IF %M%==1 GOTO Correct
IF %M%==2 GOTO Wrong
IF %M%==3 GOTO EXIT
:Correct
echo You are right !!
GOTO END
:Wrong
echo You are wrong. This info was really given by Fun PC Life
GOTO END
:END
PAUSE
goto EXIT
:EXIT
Now save the file as Question.bat and run the file.
Please note that the file type should be kept as ALL Files while saving it as a .bat file.
You can modify the code for your convenience. Change the bold text and try it out.
5. Make the Matrix

To make this, open notepad and type the following:
@echo off
color 2
:start
echo %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random% %random%
goto start
Save this file as Matrix.bat
Make sure the file type is kept as ALL FILES while saving it as a .bat file.
Open the saved file and see the magic.
6. Alternative Single Character Matrix

Type in the following in notepad:
@echo off
color 0a
:A
echo 7 y x 3 W 8 G M P q 1 F 0 U v c i j O D s a E I j H 9 t 6 7 z C B 4 g 8 3 W 8 G
ping localhost -n 1 > nul
goto A
Save the file as Matrix2.bat and run the file.
The file type should be kept as ALL FILES while saving a .bat file.
7. Lock Folders using Notepad
This trick may not work on all computers
Lets say you want to lock a folder named PICS in your D:\ drive , whose path is D:\PICS
Then the code should be something like this:
ren pics pics.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Pics is your folder name. Use the name of the folder in place for pics. Save the text file as lock.bat in the same drive.
To unlock this locked folder:
Open another new notepad text file and type the following:
ren pics.{21EC2020-3AEA-1069-A2DD-08002B30309D} pics
Save the text file as key.bat in the same drive. Here again, pics is the name of the folder. Change it to the folder you want to lock.
8. Make a fake Virus POP UP
Type the following code in notepad:
@echo off
msg * WARNING
msg * VIRUS ENTERED YOUR PC
Save the file as pop.bat and run it. You should get two pop up messages. There has been an issue on some computers, but it should work on most computers.
9. Create a command prompt Virus message

Type the following in notepad:
@ echo off
title Virus
echo Your system is affected by virus
PAUSE
echo:
echo Windows will now try to undo changes
PAUSE
echo:
echo FAILED !
PAUSE
echo:
echo Your system is corrupt
PAUSE
Save the file as virus.bat and run the file.
10. Test your antivirus by EICAR STANDARD ANTIVIRUS TEST
Now, you can check if your antivirus really works. Type the following in notepad:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Save the file as virus-test.txt
Scan the file. If your antivirus detects this file as a virus and tries to remove it, then you can be sure your antivirus is a good one. This is a much easier way, than actually downloading a virus to test it. This sample virus code is perfectly harmless and allows you to test your antivirus. A good antivirus like MS Security Essentials will detect this test virus even before you scan it.
That's all the tricks I'm sharing, at least for now. All the tricks above are perfectly safe and will not harm your computer in any way. There are many destructive notepad tricks as well, like making a real virus which kills the Operating System, but personally, I believe that is only meant for developers who want to make their OS security better. Use these tricks in your best behavior