
IMPORTANT | Scan Your Website for Backdoor Files from Hacker Attacks

Discussion in 'Berbagi Pengalaman' started by demicinta, Jul 20, 2011.

  1. demicinta

    demicinta Ads.id Fan


    Earlier a friend on FB gave me a tip for scanning for suspicious files planted by hackers. Besides planting odd-looking files, who knows, there may be planted files we don't know about, so try using this code to scan for backdoor files on your website:

    This script scans the files in the root that are suspected of being, or could potentially be, a shell.

    PHP Code:

    #!/usr/bin/php
    <?php
    /*
     * This script finds some known shells such as
     * c99, c100, r57, erne, Safe_Over
     * and tries to find unknown shells by searching for specific words; this
     * may not be safe.
     *
     * How to use:
     * the script needs none of these parameters; they are optional
     * -e Y/N enable or disable heuristic mode (default is enabled)
     * -p a number 1-100: the percentage of words that must be found in the file to trigger the heuristic warning
     * -f check a single file
     * -d check a single dir (normally the program recursively checks ALL files)
     * powered by Dr. nefasto
     */
    // words counted by the heuristic mode
    $euristic__ = array("fopen", "file(", "file_get_contents", "sql", "opendir", "perms", "port", "eval", "system", "exec", "rename", "copy", "delete", "hack", "(\$_", "phpinfo", "uname", "glob", "is_writable", "is_readable", "get_magic_quotes_gpc()", "move_uploaded_file", "\$dir", "& 00", "get");
    // three signature strings per known shell family
    $word__ = array(
        "c99" => array("c999shexit();", "setcookie(\"c999sh_surl\");", "c999_buff_prepare();"),
        "c100" => array("\$back_connect_c=\"f0VMRgEBAQA", "function myshellexec(\$command) {", "tEY87ExcilDfgAMhwqM74s6o"),
        "r57" => array("if(strpos(ex(\"echo abcr57\"),\"r57\")!=3)", "function ex(\$cfe)", "\$port_bind_bd_c=\"I2luY2x1ZGUg"),
        "erne"=> array("function unix2DosTime(\$unixtime = 0)", "eh(\$errno, \$er", "\$mtime=@date(\"Y-m-d H:i:s\",@filemti"),
        "Safe_Over" => array("function walkArray(\$array){", "function printpagelink(\$a, \$b, \$link = \"\")", "if (\$cmd != \"downl\")"),
        "cmd_asp" => array(" ' -- Read th", "ll oFileSys.D", "Author: Maceo")
    );
    // script defaults
    $euristic_active = true;
    $euristic_sens = 40;
    // $argc/$argv may be unset when the script is not run from the command line
    $argc = isset($argc) ? $argc : 0;
    for ($i = 1; $i < $argc; $i++)
    {
        // value following the current option, if any
        $next = isset($argv[$i + 1]) ? $argv[$i + 1] : null;
        if ($argv[$i] == "-h")
            help($argv[0]);
        elseif ($argv[$i] == "-e")
        {
            if ($next == "Y") $euristic_active = true;
            if ($next == "N") $euristic_active = false;
        }
        elseif ($argv[$i] == "-p" && $next !== null)
            $euristic_sens = intval($next);
        elseif ($argv[$i] == "-d" && $next !== null)
        {
            dir_scan($next);
            exit;
        }
        elseif ($argv[$i] == "-f" && $next !== null)
        {
            a($next);
            exit;
        }
    }
    dir_scan(".");
    // recursively scan every file below $name
    function dir_scan($name)
    {
        if (!is_dir($name))
        {
            echo "$name is not a dir\n";
            return;
        }
        if ($o = @opendir($name))
        {
            while (false !== ($file = readdir($o)))
            {
                // skip the directory entries and this scanner itself
                if ($file == '.' or $file == '..' or $file == basename(__FILE__)) { continue; }
                else if (is_dir($name."/".$file)) { dir_scan($name."/".$file); }
                else
                    a($name."/".$file);
            }
            closedir($o);
        }
        else
            echo "i can't open $name dir\n";
    }
    // check a single file: signature list first, then the heuristic
    function a($file)
    {
        global $euristic_active;
        global $euristic_sens;
        // compare with false so that empty files are not reported as unreadable
        if (($l = @file_get_contents($file)) !== false)
        {
            if ($shell = check($l))
            {
                echo "[DANGER] word_list > ".$file."\tprobably ".$shell." shell\n";
            }
            else if ($euristic_active)
            {
                if ($t = check_euristic($l) and $t > $euristic_sens)
                {
                    echo "[_ALERT] euristic $t%> ".$file."\tprobably is a shell\n";
                }
            }
        }
        else
        {
            echo "i can't open $file file\n";
        }
    }
    // return the shell name when all three of its signatures are present
    function check($string)
    {
        global $word__;
        foreach ($word__ as $shell => $code)
        {
            // reset the counter for each shell family
            $check = 0;
            foreach ($code as $microcode)
                if (stripos($string, $microcode) !== false)
                {
                    $check++;
                    if ($check == 3) return $shell;
                }
        }
        return false;
    }
    // percentage of the heuristic words found anywhere in the file
    function check_euristic($string)
    {
        global $euristic__;
        $check = 0;
        foreach ($euristic__ as $code)
            if (stripos($string, $code) !== false)
                $check++;
        return intval(($check * 100) / count($euristic__));
    }
    function help($me)
    {
        echo "indonesianhacker shell scanner\n".
            "$me {-e [euristic method default = Y] Y/N -p [[0-100] euristic sensibility fewer == most feeble ] [-d [directory] / -f [file] ]}\n".
            "example: $me -e N -d /tmp\n"
        ;
        exit;
    }
    ?>

    Save it, for example, under the name antisipasi.php
    then call your URL, for example: hxxp://sayangkamu.com/antisipasi.php


    Hope this is useful, and I won't say no to a like :D

     
    aditwebid, rifle, serampangan and 4 others like this.
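
Added example (not part of the original post or of the posted script): the heuristic mode above counts a word whenever it occurs as a substring, so ordinary text such as "support" or "target" raises the score. The sketch below compares that score with a token-based one built on PHP's `token_get_all()`; the function names `substring_score` and `token_score`, the shortened word list and both sample inputs are constructed for illustration.

```php
<?php
// Added illustration. $words is a subset of the posted $euristic__ list.
$words = array("fopen", "file_get_contents", "opendir", "eval", "system",
               "exec", "rename", "copy", "glob", "phpinfo", "port", "get", "sql");

// Same scoring as check_euristic(): percentage of words found as substrings.
function substring_score($src, $words) {
    $hits = 0;
    foreach ($words as $w)
        if (stripos($src, $w) !== false) $hits++;
    return intval($hits * 100 / count($words));
}
// Token-aware variant (hypothetical): a word counts only when it appears as an
// identifier directly followed by "(", or as the eval language construct.
function token_score($src, $words) {
    $called = array();
    $tokens = token_get_all($src);
    $n = count($tokens);
    for ($i = 0; $i < $n; $i++) {
        if (!is_array($tokens[$i])) continue;
        if ($tokens[$i][0] === T_EVAL) { $called["eval"] = true; continue; }
        if ($tokens[$i][0] !== T_STRING) continue;
        $j = $i + 1;   // skip whitespace between the name and "("
        while ($j < $n && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) $j++;
        if ($j < $n && $tokens[$j] === "(") $called[strtolower($tokens[$i][1])] = true;
    }
    $hits = 0;
    foreach ($words as $w)
        if (isset($called[$w])) $hits++;
    return intval($hits * 100 / count($words));
}

// Constructed benign page: no file or command calls, only ordinary words.
$benign = '<?php
// Support page: export the target list for the photocopy system.
$title = "Executive summary";
$note  = "MySQL report widgets";
echo htmlspecialchars($title . " " . $note);
';
// Constructed stand-in for a script that really calls the listed functions.
$suspect = '<?php
$h = fopen($path, "r");
$out = system($cmd);
eval ($code);
copy($a, $b);
';
foreach (array("benign" => $benign, "suspect" => $suspect) as $name => $src)
    printf("%-8s substring=%d%% token=%d%%\n", $name,
           substring_score($src, $words), token_score($src, $words));
```

The benign sample crosses the posted default threshold of 40 on the substring score although it calls none of the listed functions, while its token score stays at zero.
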
  2. pencari$

    pencari$ Ads.id Pro

    Awesome. Let me try it out first, master :D
     
  3. heripu

    heripu Super Hero

    Trying it out...
     
  4. yanzbatara

    yanzbatara Super Hero

    Nice share, bro... :D
     
  5. comsoft

    comsoft Super Hero

    Thanks for the info, I've learned something more :))
     
  6. mastajudin

    mastajudin Hero

    Cool, I'll try it first, boss. Like sent, thanks :D
     
  7. zonabisnis

    zonabisnis Super Hero

    This is really important, thanks
     
  8. ibnuroem

    ibnuroem Super Hero

    Come on, who has already tried it? I'll wait for the reviews first,

    because I don't understand this kind of thing :swt2:
     
  9. randi

    randi Ads.id Pro

    Or maybe this script is the one that opens a backdoor :lol: :lol:

    Just kidding, bro, it's because I don't understand it :komunis: :komunis:
     
  10. shelfie

    shelfie Super Hero


    I'm scared too, because I don't know coding :senyum:
     
  11. galangpm

    galangpm Super Hero

    Hoho, what is that? :komunis: According to the experience of a friend of mine who is a defacer, with WP it's usually through themes and plugins; mostly they can find holes from there.
     
  12. serampangan

    serampangan Super Hero

    Very useful... come on, let's try it
    I've already hit the like button
     
  13. cicak

    cicak Ads.id Pro

    Waiting for the reviews first :)
     
  14. anisku11

    anisku11 Super Hero

    Wow, this is really useful, bro
    :senyum:
    Let me try it out first
    ---
    The experts already use Acunetix
     
  15. GentZu AoZora

    GentZu AoZora Forbidden

    That's called a comment or annotation; you could change the text to "I am handsome" and it wouldn't matter :D
     
  16. aditwebid

    aditwebid Super Hero

    The result looks like this, bro...

    What about that? :nangis:
     
  17. galangpm

    galangpm Super Hero

    So many Alerts, oh dear.... :senyum:
     
