php-malware-scanner/patterns_raw.txt
nichogenius 32e8992b50 preg_replace b64 sample shortened to 'replace'
The base64 samples for preg_replace should be shortened to just 'replace', since the shorter fragments will also match str_replace, str_ireplace, ereg_replace, eregi_replace and, I'm sure, many others. This should increase the number of hits.

'preg_replace' base64 strings: (removed)
cHJlZ19yZXBsYWNl
ByZWdfcmVwbGFjZ
wcmVnX3JlcGxhY2

'replace' base64 strings: (added)
cmVwbGFjZ
JlcGxhY2
yZXBsYWNl
2017-07-24 22:32:57 -06:00


uname -a
/etc/shadow
/etc/passwd
WSOstripslashes
PD9waH
w/cGhw
8P3Boc
c3lzdGVt
N5c3Rlb
zeXN0ZW
\x73\x79\x73\x74\x65\x6d' /* case, dec/hex issue? */, // system
cmVwbGFjZ
JlcGxhY2
yZXBsYWNl
\x70\x72\x65\x67\x5f\x72\x65\x70\x6c\x61\x63\x65' /* case, dec/hex issue? */, // preg_replace
ZXhlYy
V4ZWMo
leGVjK
\x65\x78\x65\x63' /* dec/hex issue? */, // exec
='base'.(32*2).'_de'.'code'
"base64_decode"
YmFzZTY0X2RlY29kZ
Jhc2U2NF9kZWNvZG
iYXNlNjRfZGVjb2Rl
"p"."r"."e"."g"."_"
eval("?>
ev\x61l
\x65\166\x61\154\x28' /* dec/hex issue? */,
\x65\x76\x61\x6C' /* case, dec/hex issue? */,
ZXZhbC
V2YWwo
ldmFsK
'ev'.'al'.'
eval(base64_decode(
\x47\x4c\x4f\x42\x41LS
SFRUUF9VU0VSX0FHRU5U
hUVFBfVVNFUl9BR0VOV
IVFRQX1VTRVJfQUdFTl
YWxsb3dfdXJsX2ZvcGVu
FsbG93X3VybF9mb3Blb
hbGxvd191cmxfZm9wZW
${${
file_get_contents('http://codepad.org
PHPJiaMi
@include($_GET[
system($_GET[
md5($_GET[
ShellBOT
bgeteam
DisablePHP=
moban.html
<?php eval
$data = base64_decode("
a,b,c,d,e,f,g
freetellafriend.com
SHELL_PASSWORD
curl_get_from_webpage
base=base64_encode
@x0powo
@preg_replace
1@1.com
META http-equiv="refresh" content="0;
="create_";global
YW55cmVzdWx0cy5uZX
FueXJlc3VsdHMubmV0
hbnlyZXN1bHRzLm5ld
ZOBUGTEL
MagelangCyber
//rasta//
Baby_Drakon
Net@ddress Mail
Created By EMMA
3xp1r3
NinjaVirus Here
<dot>IrIsT
Hacked By EnDLeSs
Punker2Bot
Zed0x
darkminz
ReaL_PuNiShEr
OoN_Boy
__VIEWSTATEENCRYPTED
M4ll3r
createFilesForInputOutput
Pashkela
== "bindshell"
Webcommander at
YENI3ERI
d3lete
Made by Delorean
R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAA
Cybester90
ayu pr1 pr2 pr3 pr4 pr5 pr6
f0VMRgEBAQA
0d0a0d0a676c6f62616c20246d795f736d7
etalfnizg
JHZpc2l0Y291bnQgPSAkSFRUUF9DT09LSUVf
R2aXNpdGNvdW50ID0gJEhUVFBfQ09PS0lFX
kdmlzaXRjb3VudCA9ICRIVFRQX0NPT0tJRV
edoced_46esab
VOBRA GANGO
itsoknoproblembro
HTTP flood complete after
exploitcookie
az88pix00q98
The Dark Raver
Q3JlZGl0IDogVW5kZXJncm91bmQgRGV2aWwgJm5ic3A7ICB8DQo8YSBocmVmP
463839610c000b00800100ffffffffffff21f90401000001002c000
AAAAAAAAMAAwABAAAAeAUAADQAAADsCQAAAAAAADQAIAADACgAFwAUAAEA
HJ3HjutckoRfpXf9A1zQO2AwDRrRey9uGvTeez79qAao1a0rgudkZkR8Ra
Ly83MTg3OWQyMTJkYzhjYmY0ZDRmZDA0NGEzZDE3Zjk3ZmI2N
DJ7VIU7RICXr6sEEV2cBtHDSOe9nVdpEGhEmvRVRNURfw1wQ
Asmodeus
Cautam fisierele de configurare
BRUTEFORCING
FaTaLisTiCz_Fx Fx29Sh
w4ck1ng shell
private Shell by m4rco
Shell by Mawar_Hitam
LS0gRHVtcDNkIGJ5IFBpcnVsaW4uUEhQIFdlYnNoM2xsIHYxLjAgYzBkZWQgYnkgcjBkcjEgOkw\=
5jb20iKW9yIHN0cmlzdHIoJHJlZmVyZXIsImFwb3J0Iikgb3Igc3RyaXN0cigkcmVmZXJlciwibmlnbWEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ3ZWJhbHRhIikgb3Igc3RyaXN0cigk
X1NFU1NJT05bJ3R4dGF1dGhpbiddID0gdHJ1ZTsNCiAgICBpZiAoJF9QT1NUWydybSddKSB7DQogICAgICBzZXRjb29raWUoJ3R4dGF1dGhfJy4kcm1ncm91cCwgbW
zehirhacker
R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAA
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdX
CB2aTZpIDEwMjQtDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KI3JlcXVp
DX_Header_drawn
BDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAAQABADASIAAhEBA
casus15
temp_r57_table
By Psych0
c99ftpbrutecheck
K!LL3r
MrHazem
BY MMNBOBZ
ConnectBackShell
Hackeado
d3b~X
REREFER_PTTH
Joomla_brute_Force
/usr/sbin/httpd
tmhapbzcerff
IrSecTeam
Spammer
FLoodeR
eriuqer
sshkeys
<kuku>
Backdoor
eggdrop
rwxrwxrwx
profexor.hell
GIF89A;<?php
$sh3llColor
fwrite($fpsetv, getenv("HTTP_COOKIE")
putbot $bot
bind join - *
privmsg $chan
fopen('/etc/passwd
\u003c\u0069\u006d\u0067\u0020\u0073\u0072\u0063\u003d\u0022\u0068\u0074\u0074\u0070\u003a\u002f\u002f
\x31\xdb\xf7\xe3\x53\x43\x53\x6a\x02\x89\xe1\xb0\x66\xcd
find / \-type f \-name \.htpasswd
find / \-type f \-perm \-02000 \-ls
find / \-type f \-perm \-04000 \-ls
if(''==($df=@ini_get('disable_functions
system\"$cmd 1> /tmp/
ncftpput -u
wsoEx(
WSOsetcookie(
Dr.abolalh
C0derz.com
Mr.HiTman
\x47\x4c\x4f\x42\x41\x4c\x53
@eval($_POST['