Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
LP-MSH-Scanner/sc.php

1356 lines
44 KiB
PHP
Raw Normal View History

Upload files to ''
2016-09-22 09:46:50 +02:00
<?php
Update 'sc.php'
2016-10-12 09:25:18 +02:00
/* Moved to the README.md*/
Upload files to ''
2016-09-22 09:46:50 +02:00
removed obsolete code
2019-08-04 19:57:17 +02:00
$version = "v4.0.5";
$released = "Aug/19";
Upload files to ''
2016-09-22 09:46:50 +02:00
$author = "Malin Cenusa";
$mail = "malin.cenusa@lunarpages.com";
removed obsolete code
2019-08-04 19:57:17 +02:00
$ip = "109.69.48.0";
Upload files to ''
2016-09-22 09:46:50 +02:00
$error = "Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 54 bytes)";
?>
<html>
<head>
<title>..:: Global Account Maintenance Tool ::.. <?php print_r($version); ?> released <?php print_r($released); ?> - by <?php print_r($author); ?> [ <?php print_r($mail); ?> ]</title>
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Poiret One|Play" media="screen">
</head>
<body>
<div id="menu">
<h3>..:: Global Account Maintenance Tool ::.. <?php print_r($version); ?> released <?php print_r($released); ?> - by <?php print_r($author); ?> [ <?php print_r($mail); ?> ]</h3>
<div align="right" ><a href="?run=remove" style="color: #000000; background-color:#00ff00; font-size: 18px;">REMOVE SCRIPT</a></div><br /><hr>
<table style="border-spacing:0; width:100%; ">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: MALWARE AUDIT ::..</span><br />
<ul>
<li><a href="?run=infection" style="color: #ff0000;">Known PHPShell Scan</a></li>
<li><a href="?run=scanme" style="color: #ff0000;">Known Malware Scan</a></li>
<li><a href="?run=checkexif" style="color: #ff0000;">Scan JPEG EXIF Data</b></a></li>
<li><a href="?run=iframe" style="color: #ff0000;">malicious IFRAME scan</a></li>
<li><a href="?run=checklarge" style="color: #ff0000;">Check Files With Large Lines</b></a></li>
<li><a href="?run=newscan" style="color: #ff0000;">Database String Scanner</a></li>
<li><a href="?run=findbot" style="color: #ff0000;">Run Findbot.PL</a></li>
adjusted the menu
2017-05-11 21:09:20 +02:00
<li><a href="?run=insecplug" style="color: #ff0000;">Insecure WP plugins</a></li>
Upload files to ''
2016-09-22 09:46:50 +02:00
<li><a href="?run=custom" style="color: #ff0000;">Custom string scanner</b></a></li>
</ul>
</td>
<td width="25%">
adjusted the menu
2017-05-11 21:09:20 +02:00
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: SOP ::..</span><br />
Upload files to ''
2016-09-22 09:46:50 +02:00
<ul>
adjusted the menu
2017-05-11 21:09:20 +02:00
<li><a href="?run=version" style="color: #ff0000;">Get a list of installed scripts and their versions</a></li>
<li><a href="?run=addsec" style="color: #ff0000;">Secure .htaccess and php.ini</a></li>
<li><a href="?run=securetemps" style="color: #ff0000;">Secure Temporary/Images</a></li>
<li><a href="?run=fixperms" style="color: #ff0000;">Fix File and Folder Permissions</a></li>
<li><a href="?run=pwds" style="color: #ff0000;">Check password security</a></li>
<li><a href="?run=optim" style="color: #ff0000;">MySQL DB Optimization</a></li>
fixed securetemps
2017-05-15 11:54:53 +02:00
<li><a href="?run=cleanupl" style="color: #ff0000;">Cleanup (error logs, .suspected, zero byte files)</a></li>
Upload files to ''
2016-09-22 09:46:50 +02:00
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: CLEANER ::..</span><br />
<ul>
<li><a href="?run=cleanPL" style="color: #ff0000;">Clean.PL</b></a></li>
<li><a href="?run=cleanPHP" style="color: #ff0000;">Clean.PHP</a></li>
<li><a href="?run=cleanexif" style="color: #ff0000;">Clean EXIF</a></li>
<li><a href="?run=cleangravity" style="color: #ff0000;">Clean Gravity Forms Exploit</a></li>
adjusted the menu
2017-05-11 21:09:20 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: MySQL ::..</span><br />
<ul>
<li><a href="?run=prefix" style="color: #ff0000;">Change Table Prefix</a></li>
<li><a href="?run=mysqlpwd" style="color: #ff0000;">Change MySQL user password</a></li>
<li><a href="?run=changeengine" style="color: #ff0000;">Change MySQL database engine</a></li>
<li><a href="?run=repl" style="color: #ff0000;">Replace Strings (MySQL password)</a></li>
</ul>
</td>
</tr>
</table><br />
<table style="border-spacing:0; width:100%; ">
<tr>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: FIND STUFF::..</span><br />
<ul>
<li><a href="?run=tmpcheck" style="color: #ff0000;">Find suspicious files in /tmp</a></li>
<li><a href="?run=symcheck" style="color: #ff0000;">Check for broken symlinks</a></li>
<li><a href="?run=findbackups" style="color: #ff0000;">Find backups</a></li>
<li><a href="?run=findsql" style="color: #ff0000;">Find SQL dumps</a></li>
<li><a href="?run=findlarge" style="color: #ff0000;">Find large files (unrelated content)</a></li>
<li><a href="?run=lastfiles" style="color: #ff0000;">Find last 500 modified files</a></li>
<li><a href="?run=findsymlinks" style="color: #ff0000;">Find Symlinks</a></li>
<li><a href="?run=findchmod" style="color: #ff0000;">Find Files & Dirs With Chmod 0000</a></li>
<li><a href="?run=getsize" style="color: #ff0000;">Get Size of a directory</a></li>
</ul>
</td>
<td width="25%">
<span style="background-color:#00ff00; font-family: 'Play', Helvetica, Arial, serif; font-size: 16px; ">..:: SOP/MISC. ::..</span><br />
<ul>
adjusted the menu
2017-05-11 21:09:20 +02:00
<li><a href="?run=reshog" style="color: #ff0000;">WP Resource Hogs</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Database Size</a></li>
<li><a href="?run=reshog" style="color: #ff0000;">Running Processes</a></li>
<li><a href="?run=processlist" style="color: #ff0000;">Check The ProcessList</a></li>
Upload files to ''
2016-09-22 09:46:50 +02:00
<li><a href="?run=transfer" style="color: #ff0000;">Site Transfer</a></li>
<li><a href="?run=zencart" style="color: #ff0000;">ZenCart Concantenated</a></li>
adjusted the menu
2017-05-11 21:09:20 +02:00
<li><a href="?run=vulntheme" style="color: #ff0000;">Vulnerable WP themes</a></li>
Upload files to ''
2016-09-22 09:46:50 +02:00
</ul>
</td>
adjusted the menu
2017-05-11 21:09:20 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
</tr>
</ul>
</table>
<hr>
<div align="center">
<?php
/* let's define the paths first */
changed globals
2017-05-11 20:52:36 +02:00
$processUser = posix_getpwuid(posix_geteuid());
fixed bugs
2017-05-13 06:39:58 +02:00
$GLOBALS["user"] = $processUser['name'];
$GLOBALS["docroot"] = '/home/'.$GLOBALS["user"].'/';
$GLOBALS["webroot"] = '/home/'.$GLOBALS["user"].'/public_html/';
Upload files to ''
2016-09-22 09:46:50 +02:00
$GLOBALS["red"] = "<span style='color: #FF0000';>";
$GLOBALS["br"] = "<br />";
$GLOBALS["span"] = "</span>";
/* let's get the server and account specs */
echo "Server: ";
system('hostname');
echo " | user: ";
system('whoami');
echo " | location: ";
system('pwd');
if( ini_get('safe_mode') ){
echo "<font color=\"#ff0000;\"><br />PHP is running in safe mode - functionality is limited</font>";
}else{
echo "<font color=\"#ff0000;\"><br />PHP is not running in safe mode - script has full functionality<br /></font>";
}
/* checking the server wide load */
echo "<h3><b><center><font color='#FF0000'>Check the server load below first and make sure that you do not execute any of the functions if server has high load!!!</font></b></h3>";
system ("w | grep load");
?>
<hr>
</div>
<span style="font-size: 15px; line-height:90%">
<?php
function cleanupl(){
fixed securetemps
2017-05-15 11:54:53 +02:00
system('find '.$GLOBALS["webroot"].'/*/wp-content/uploads/ -type f -name "*.php" -print -exec rm -rfv {} \;'); /* clear PHP files from wp-content/uploads */
system('find '.$GLOBALS["webroot"].' -type f -name "*.php.suspected" -print -exec rm -rfv {} \;'); /* clear files renamed as *.suspected by the server AV */
system('find '.$GLOBALS["webroot"].' -type f -name "*.php" -size 0 -print -exec rm -rfv {} \;'); /* clear files with 0 bytes size */
system('find '.$GLOBALS["webroot"].' -type f -name "error_log" -print -exec rm -rfv {} \;'); // clear the error logs
Upload files to ''
2016-09-22 09:46:50 +02:00
}
new patterns
2018-01-05 13:38:46 +01:00
function passgen(){
$caracteres = '0123456789abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$#@!?=%-+*.[]{}_,;:<>|';
$caractereslong = strlen($caracteres);
$clave = '';
for($i = 0; $i < 24; $i++) {
$clave .= $caracteres[rand(0, $caractereslong - 1)];
}
echo $clave;
}
Upload files to ''
2016-09-22 09:46:50 +02:00
/* function removezero(){
system("find ./ -type f -empty -print -exec rm -f {} \;");
} */
function vulntheme(){
}
updated .htaccess securing
2017-05-11 21:47:43 +02:00
function clear_cache(){
fixed bugs
2017-05-13 06:39:58 +02:00
//system("if [ $(find-name "cache" -maxdepth 0 -type d -empty 2>/dev/null) ]; then rm -rfv $i/*; echo "no cache dirs, or empty ones found"; fi");
updated .htaccess securing
2017-05-11 21:47:43 +02:00
}
Upload files to ''
2016-09-22 09:46:50 +02:00
/* cleaning the backdoor files of the Gravity Forms Exploit */
function cleangravity(){
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -type f -name "*_input__test*" -print -exec rm -rf {} \;');
system('find '.$GLOBALS["webroot"].' -type f -name "*_input_*.php*" -print -exec rm -rf {} \;');
system('find '.$GLOBALS["webroot"].' -type f -name "*_input_*.txt*" -print -exec rm -rf {} \;');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* use a modified version of Spamhaus's findbot.pl to identify left over backdoors */
function findbot(){
$output = shell_exec('./findbot.pl -c ./');
echo "<pre>$output</pre>";
}
/* secure the temporary directories against execution of malicious files */
updated .htaccess securing
2017-05-11 21:47:43 +02:00
// need to change this to PHP: https://gist.github.com/PalmaSolutions/3b5d2b69ac020c87ce53942785e39127
Upload files to ''
2016-09-22 09:46:50 +02:00
function securetemps(){
updated .htaccess securing
2017-05-11 21:47:43 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
$htdata = '
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>
';
added one dot
2017-05-14 11:36:03 +02:00
foreach(glob("../{**/*,*}/wp-content/uploads/") as $dirname)
fixed securetemps
2017-05-12 08:34:16 +02:00
{
$hta = fopen($dirname."/.htaccess", "w");
updated .htaccess securing
2017-05-11 21:47:43 +02:00
fwrite($hta, $htdata);
fclose($hta);
}
fixed securetemps
2017-05-15 11:54:53 +02:00
// patch for document root
if (file_exists("../wp-content"))
{
if (file_exists("../wp-content/uploads"))
{
if ((is_dir("../wp-content/uploads/")) AND ($dir !== ".") AND ($dir !== ".."))
{
if (file_exists("../wp-content/uploads/.htaccess"))
{
echo "";
}
else {
$hta = fopen("../wp-content/uploads/.htaccess", "w");
fwrite($hta, $htdata);
fclose($hta);
}
}
}
}
updated .htaccess securing
2017-05-11 21:47:43 +02:00
// system("for i in `find ../ -type d -path '*/tmp'`; do echo $i && echo -e '".$htdata."' >> \$i/.htaccess; done");
Upload files to ''
2016-09-22 09:46:50 +02:00
/* Joomla /images may cause a ton of false positive patches so we'll research this further */
// system("for i in `find ./ -type d -path '*/images' -print;`; do echo -e '".$htdata."' >> \$i/.htaccess; done");
updated .htaccess securing
2017-05-11 21:47:43 +02:00
//echo "all patched\n";
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* Vulnerability check
$output = shell_exec('find ./ -type f -name "*.php" -print -exec grep -RPn "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readfile|php_uname|eval|tcpflood|udpflood|edoced_46esab) *\(" --color {} \;');
echo "<pre>$output</pre>"; */
moved cryptoPHP to main scanner
2017-05-15 12:04:33 +02:00
/* let's scan and clean cryptoPHP - moved to the main scanner - needs testing
Upload files to ''
2016-09-22 09:46:50 +02:00
function cryptophp(){
echo "Scanning for cryptoPHP in social.png files\n";
system("find ../ -type f -iname \"social*.png\" -exec grep -E -o 'php.{0,80}' {} \; -print");
echo "\nScanning for cryptoPHP in all PNG files\n";
system("find ../ -type f -iname '*.png' -print0 | xargs -0 file | grep \"PHP script\"");
}
moved cryptoPHP to main scanner
2017-05-15 12:04:33 +02:00
*/
Upload files to ''
2016-09-22 09:46:50 +02:00
/* Execute The Malware Scanner */
function scanme(){
added one dot
2017-05-14 11:36:03 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
require_once("./scan.php");
added one dot
2017-05-14 11:36:03 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* Execute The PHP Cleaner */
fixed securetemps
2017-05-15 11:54:53 +02:00
function cleanPHP(){
Upload files to ''
2016-09-22 09:46:50 +02:00
require_once("./clean.php");
fixed securetemps
2017-05-15 11:54:53 +02:00
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* Execute the Perl Cleaners */
function cleanPL(){
system("./malware.pl");
}
/* EXIF scanner */
function checkexif(){
fixed bugs
2017-05-13 06:39:58 +02:00
define('IMAGEPATH', $GLOBALS["webroot"]);
Upload files to ''
2016-09-22 09:46:50 +02:00
$directory = new RecursiveDirectoryIterator(IMAGEPATH);
$iterator = new RecursiveIteratorIterator($directory);
$matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg|png|tiff)$/i', RecursiveRegexIterator::GET_MATCH);
foreach($matches as $key => $match):
$exif = exif_read_data($match[0], 0, 'EXIF');
echo '<pre>', print_r($exif, true), '</pre>';
endforeach;
}
/* Insecure Plugins */
function insecplug(){
$plugins_list = array(
"complete-gallery-manager",
"wp-phpmyadmin",
"1-flash-gallery",
"category-list-portfolio-page",
"disclosure-policy-plugin",
"dp-thumbnail",
"ip-logger",
"is-human",
"jquery-slider-for-featured-content",
"kish-guest-posting",
"lisl-last-image-slider",
"really-easy-slider",
"rent-a-car",
"vk-gallery",
"wordpress-news-ticker-plugin",
"wp-marketplace",
"adminer",
"file-commander",
"portable-phpmyadmin",
"portable-phpmyadmin",
"toolspack",
"ToolsPack",
"revslider",
"research-plugin*"
);
foreach ($plugins_list as $plugin){
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -type d -name '.$plugin.' -print');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
}
/* Resource Hog Plugins */
function reshog(){
$plugin_list = array(
"broken-link-checker",
"myreviewplugin",
"linkman",
"fuzzy-seo-booster",
"wp-postviews",
"wordfence",
"tweet-blender",
"dynamic-related-posts",
"yet-another-related-posts-plugin",
"similar-posts",
"contextual-related-posts",
"yet-another-featured-posts-plugin",
"wponlinebackup",
"wpengine-snapshot",
"wpengine-migrate",
"wp-symposium-alerts",
"wp-slimstat",
"wp-missed-schedule",
"wordpress-gzip-compression",
"wp-cache",
"wp-database-optimizer",
"wp-db-backup",
"wp-dbmanager",
"wp-engine-snapshot",
"wp-file-cache",
"wp-mailinglist",
"async-google-analytics",
"backup-scheduler",
"backupwordpress",
"backwpup",
"duplicator",
"ewww-image-optimizer",
"ezpz-one-click-backup",
"google-xml-sitemaps-with-multisite-support",
"jr-referrer",
"missed-schedule",
"no-revisions",
"ozh-who-sees-ads",
"quick-cache",
"seo-alrp",
"si-captcha-for-wordpress",
"similar-posts",
"spyderspanker",
"spyderspanker_pro",
"super-post",
"superslider",
"text-passwords",
"the-codetree-backup",
);
foreach ($plugin_list as $plugins){
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -type d -name '.$plugins.' -print');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
}
/* EXIF cleaner */
function cleanexif(){
fixed bugs
2017-05-13 06:39:58 +02:00
define('IMAGEPATH', $GLOBALS["webroot"]);
Upload files to ''
2016-09-22 09:46:50 +02:00
$directory = new RecursiveDirectoryIterator(IMAGEPATH);
$iterator = new RecursiveIteratorIterator($directory);
$matches = new RegexIterator($iterator, '/^.+\.(jpg|jpeg)$/i', RecursiveRegexIterator::GET_MATCH);
foreach($matches as $key => $image):
echo '<pre>', print_r($image, true),'</pre>';
try
{
$img = new Imagick($image[0]);
$img->stripImage();
$img->writeImage($image[0]);
$img->clear();
$img->destroy();
echo "Removed EXIF data from $image. \n";
} catch(Exception $e) {
echo 'Exception caught: ', $e->getMessage(), PHP_EOL;
}
endforeach;
}
/* Get MySQL process list for a given user */
function processlist(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Host:</b></td><td><input name="host" id="host" type="text" size="30"><br />';
echo '<b>MySQL Username:</b></td><td><input name="usern" id="usern" type="text" size="30"><br />';
echo '<b>MySQL Password:</b></td><td><input name="passwd" id="passwd" type="text" size="30"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$mhost = ($_POST["host"]);;
$mpass = ($_POST["passwd"]);
$musr = ($_POST["usern"]);
}
mysql_connect($mhost, $musr, $mpass);
$q = mysql_query("SHOW FULL PROCESSLIST");
echo "<span style='background-color:#00ff00; '>..:: MySQL-Processes ::..</span>\n";
echo "<table width='*' border='1' cellspacing='1' cellpadding='3'>\n";
while($l = mysql_fetch_row($q) ) {
echo "<tr>\n";
foreach($l as $val) echo "<td>$val&nbsp;</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
echo "<span style='background-color:#00ff00; '>..:: Query Cache Status ::..</span>\n";
echo "<table width='*' border='1' cellspacing='1' cellpadding='3'>\n";
$q = mysql_query("SHOW STATUS LIKE 'Qcache%'");
while($l = mysql_fetch_row($q) ) {
echo "<tr>\n";
foreach($l as $val) echo "<td>$val&nbsp;</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
mysql_close();
}
/* Get STAT data for a given file */
function stats(){
$output = shell_exec('stat ./ModSettings.php');
echo "<pre>$output</pre>";
}
/* change MySQL Engine */
function changeengine(){
mysql_connect('localhost', 'learn0_mdle1', 'O{XgxSMtTXrD');
$databases = mysql_query('SHOW databases');
while($db = mysql_fetch_array($databases)) {
echo "database => {$db[0]}\n";
mysql_select_db($db[0]);
$tables = mysql_query('SHOW tables');
while($tbl = mysql_fetch_array($tables)) {
echo "table => {$tbl[0]}\n";
mysql_query("ALTER TABLE {$tbl[0]} ENGINE=INNODB");
}
}
}
function checklarge(){
$ite=new RecursiveDirectoryIterator(dirname(__FILE__));
$i = 0;
foreach (new RecursiveIteratorIterator($ite) as $filename=>$cur):
preg_match('/^.+\.php$/i', $filename, $match);
if($match):
$file = fopen($match[0], "r");
while(!feof($file)):
$line = fgets($file);
if(!feof($file)):
if(mb_strlen($line) > 999):
$i++;
echo '<div class="well">', $i ,')<div class="alert alert-danger"><i class="icon-warning-sign"></i>', $filename ,' found line having more than 1000 characters, output to follow:</div>';
echo '<pre class="prettyprint">';
echo trim(htmlentities($line));
echo '</pre>';
echo '<span>This file was last modified on: ' , date ("F d Y H:i:s.", filemtime($filename)) ,'</span>';
echo '</div>';
endif;
endif;
endwhile;
fclose($file);
endif;
endforeach;
}
function removezero(){
echo "Removing Files With Zero Size";
}
function findchmod(){
echo "Finding All Files With Chmod Set To 0000<br /><br />";
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -type f -perm 0000 -exec ls -al');
Upload files to ''
2016-09-22 09:46:50 +02:00
echo "Finding All Directories With Chmod Set To 0000<br /><br />";
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -type d -perm 0000 -exec ls -al');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
function trimblanklines($str) {
return preg_replace('`\A[ \t]*\r?\n|\r?\n[ \t]*\Z`','',$str);
}
function scanspam(){
}
function fixperms(){
echo("To save time (and money) we're going to locate the files and directories with improper permissions and fix just those:\n");
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -perm +og+w -follow -type d -print -exec chmod 755 {} \;');
system('find '.$GLOBALS["webroot"].' -perm 0000 -follow -type d -print -exec chmod 755 {} \;');
system('find '.$GLOBALS["webroot"].' -perm +og+w -follow -type f -print -exec chmod 644 {} \;');
system('find '.$GLOBALS["webroot"].' -perm 0000 -follow -type f -print -exec chmod 644 {} \;');
system('find '.$GLOBALS["webroot"].' -perm +og+w -follow -type f -name "*.cgi" -print -exec chmod 755 {} \;');
system('find '.$GLOBALS["webroot"].' -perm +og+w -follow -type f -name "*.pl" -print -exec chmod 755 {} \;');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
function getcleaner(){
$remote = "http://malin.online9.net/cl.txt";
$local = "cl.php";
$contents=file_get_contents($remote);
$fp=fopen($local, "w");
fwrite($fp, $contents);
fclose($fp);
include('./cl.php');
}
function addsec(){
echo "securing .htaccess<br />";
fixed bugs
2017-05-13 06:39:58 +02:00
$htafile = $GLOBALS["webroot"].'/.htaccess';
Upload files to ''
2016-09-22 09:46:50 +02:00
$htaData = "
# Protection agains XSS exploits added by Lunarpages MSH team
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
";
file_put_contents($htafile, $htaData, FILE_APPEND | LOCK_EX);
echo "data added to .htaccess<br />";
show_source($htafile);
echo "moving on to php.ini";
fixed bugs
2017-05-13 06:39:58 +02:00
$phpfile = $GLOBALS["webroot"].'/php.ini';
Upload files to ''
2016-09-22 09:46:50 +02:00
$phpData = '
; Protection agains RFI exploits added by Lunarpages MSH team
allow_url_fopen = Off
allow_url_include = Off
disable_functions=popen,passthru,escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,blob,exec,escapeshellarg,pfsockopen,stream_get_transports,stream_set_blocking
display_errors = Off
display_startup_errors = Off
error_reporting = E_ALL
mail.add_x_header = On
fixed php.ini patch
2017-05-15 12:19:06 +02:00
mail.log = '.$GLOBALS["docroot"].'/phpmail.log
Upload files to ''
2016-09-22 09:46:50 +02:00
';
file_put_contents($phpfile, $phpData, FILE_APPEND | LOCK_EX);
echo "data added to php.ini";
show_source($phpfile);
}
function rmfile(){
echo "insert filename for mass deletion: <br />";
echo '<form method="post" enctype="multipart/form-data">';
echo '<input name="name" id="name" type="text" size="100">;';
echo '<input name="send" type="send" value="Remove it">';
if(($_POST['send']) == "Remove it") {
$name= ($_POST["name"]);
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].' -name "'.$name.'" -print -exec rm -fr {} \;');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
}
function mysqlsearch(){
?>
<form method="post" enctype="multipart/form-data"> <table>
<tbody>
<tr>
<td><label for="server">Server Name </label></td>
<td><input type="text" name="server" value="localhost"/></td>
</tr>
<tr>
<td><label for="dbuser">User Name </label></td>
<td><input type="text" name="dbuser" /></td>
</tr>
<tr>
<td><label for="pass">Password </label></td>
<td><input type="password" name="pass" /></td>
</tr>
<tr>
<td><label for="dbname">Database Name </label></td>
<td><input type="text" name="dbname" /></td>
</tr>
<!-- <tr>
<td><label for="search_text"> Search on Database</label><br /></td>
<td><input type="text" name="search_text" <?php if(!empty($_POST['search_text'])) echo 'value="'.$_POST['search_text'].'"'; ?> /></td>
</tr>
<tr> -->
<td><input type="submit" value="Find the Malware" /></td>
</tr>
</tbody>
</table>
</form>
<?php
$server = ($_POST["server"]);
$dbuser = ($_POST["dbuser"]);
$dbpass = ($_POST["pass"]);
$dbname = ($_POST["dbname"]);
$link = @mysql_connect($server, $dbuser, $dbpass);
if (!$link) { session_destroy(); header("Refresh:0;url=http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?error_message=Username OR password Missmatch');}
if(!@mysql_select_db($dbname, $link)){ session_destroy(); header("Refresh:0;url=http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'?error_message=Database Not found');};
///@endof Databse Connection
$patterns = array(
"cacat",
"lacat",
);
foreach ($patterns as $pattern) {
$search_text = ($pattern);
$result_in_tables = 0;
echo "<h4>Results for: <i>".$search_text.'</i></h4>';
// @abstract table count in the database
$sql= 'show tables';
$res = mysql_query($sql);
//@abstract get all table information in row tables
$tables = fetch_array($res);
//$tables = array(array('album'));
//endof table count
for($i=0;$i<sizeof($tables);$i++)
// @abstract for each table of the db seaching text
{
//@abstract querry bliding of each table
$sql = 'select count(*) from '.$tables[$i]['Tables_in_'.$dbname];
$res = mysql_query($sql);
if(mysql_num_rows($res)>0)
//@abstract Buliding search Querry, search
{
//@abstract taking the table data type information
$sql = 'desc '.$tables[$i]['Tables_in_'.$dbname];
$res = mysql_query($sql);
$collum = fetch_array($res);
$search_sql = 'select * from '.$tables[$i]['Tables_in_'.$dbname].' where ';
$no_varchar_field = 0;
for($j=0;$j<sizeof($collum);$j++)
// @abstract only finding each row information
{
## we are searching all the fields in this table
//if(substr($collum[$j]['Type'],0,7)=='varchar'|| substr($collum[$j]['Type'],0,7)=='text')
// @abstractonly type selection part of query buliding
// @todo seach all field in the data base put a 1 in if(1)
// @example if(1)
//{
//echo $collum[$j]->Field .'<br />';
if($no_varchar_field!=0){$search_sql .= ' or ' ;}
$search_sql .= '`'.$collum[$j]['Field'] .'` like \'%'.$search_text.'%\' ';
$no_varchar_field++;
//} // endof type selection part of query bulidingtype selection part
}//@endof for |buliding search query
if($no_varchar_field>0)
// @abstract only main searching part showing the data
{
$res = mysql_query($search_sql);
$search_result = fetch_array($res);
if(sizeof($search_result))
// @abstract found search data showing it!
{
$result_in_tables++;
echo '<div class="table_name">&nbsp;&nbsp; Table : '
. $tables[$i]['Tables_in_'.$dbname]
.' &nbsp;&nbsp;</div>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'.
'<span class="number_result"> Total Results for <i>"'.$search_text .'"</i>: '.mysql_affected_rows().'</span>
<br/>
<div class="link_wrapper"><a href="javascript:toggle(\''.$tables[$i]['Tables_in_'.$dbname].'_sql'.'\')">SQL</a></div>
<div id="'.$tables[$i]['Tables_in_'.$dbname].'_sql" class="sql keys"><i>'.$search_sql.'</i ></div>
<div class="link_wrapper"><a href="javascript:toggle(\''.$tables[$i]['Tables_in_'.$dbname].'_wrapper'.'\')">Result</a></div>
<script language="JavaScript">
table_id.push("'.$tables[$i]['Tables_in_'.$dbname].'_wrapper");
</script>
<div class="wrapper" id="'.$tables[$i]['Tables_in_'.$dbname].'_wrapper">';
table_arrange($search_result);
echo '</div><br/><br/>';
}// @endof showing found search
}//@endof main searching
}//@endof querry building and searching
}
if(!$result_in_tables)
// @abstract if result is not found
{
echo '<p style="color:red;">Sorry, <i>'.
$search_text.
'</i> is not found in this Database ('.$dbname.') !</p>';
}
mysql_close($link);
}
}
//*********************
//* PHP functions
//*********************
function fetch_array($res)
// @method fetch_array
// @abstract taking the mySQL $resource id and fetch and return the result array
// @param string| MySQL resouser
// @return array
{
$data = array();
while ($row = mysql_fetch_assoc($res))
{
$data[] = $row;
}
return $data;
} //@endof function fetch_array
function table_arrange($array)
// @method table_arrange
// @abstract taking the mySQL the result array and return html Table in a string. showing the search content in a diffrent css class.
// @param array
// @post_data search_text
// @return string | html table
{
$table_data = ''; // @abstract returning table
$max =0; // @abstract max lenth of a row
$max_i =0; // @abstract number of the row which is maximum max lenth of a row
$search_text = $_POST["search_text"];
for($i=0;$i<sizeof($array);$i++)
{
//@abstract table row
$table_data .= '<tr class='.(($i&1)?'"odd_row"':'"even_row"') .' >';
//
$j=0;
foreach($array[$i] as $key => $data)
{
//@abstract a class around the search text
$data = preg_replace("|($search_text)|Ui" , "<pre class=\"search_text\"><b>$1</b></pre>" , htmlspecialchars($data));
$table_data .= '<td>'. $data .' &nbsp;</td>';
$j++;
}
if($max<$j)
{
$max = $j;
$max_i = $i;
}
$table_data .= '</tr>'."\n";
}
$table_data .= '</table></div>';
unset($data);
// @endof html table
//@abstract populating the table head
// @varname $data_a
//@abstract taking the highest sized array and printing the key name.
$data_a = $array[$max_i];
$table_head = '<tr>';
foreach($data_a as $key => $value)
{
$table_head .= '<td class="keys">'. $key.'</td>';
}
$table_head .= '</tr>'."\n";
//@endof populating the table head
// @abstract printing the table data
echo '<div class="table_bor">
<table cellspacing="0" cellpadding="3" border="0" class="data_table">'.$table_head.$table_data;
}//@endof function table_arrange
/*
Calculate sizes of all your databases in MB:
SELECT table_schema "DB Name", SUM( data_length + index_length) / 1024 / 1024
"DB Size" FROM information_schema.TABLES GROUP BY table_schema ;
Calculate table sizes for a specific database:
SELECT TABLE_NAME, table_rows, data_length, index_length, round(((data_length + index_length) / 1024 / 1024),2) "Size in MB" FROM information_schema.TABLES WHERE table_schema = "PUT_YOUR_DATABASE_NAME_HERE";
*/
function repl(){
echo "String Replacement";
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Old String:</b></td><td><input name="oldstr" id="oldstr" type="text" size="50"><br />';
echo '<b>New String:</b></td><td><input name="newstr" id="newstr" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$oldstr = ($_POST["oldstr"]);
$newstr = ($_POST["newstr"]);
system("grep -ilr '".$oldstr."' * | xargs -i@ sed -i 's/".$oldstr."/".$newstr."/g' @");
/* xargs /usr/bin/perl -w -i -p -e "s/your_old_string/your_new_string/g" */
echo 'all done';
}
}
/* getting the total size of a specific directory */
function getsize(){
$username = system('whoami');
echo "insert the location you wish to get the size for: <br />";
echo '<form method="post" enctype="multipart/form-data">';
fixed some paths
2017-05-15 12:38:06 +02:00
echo ''.$GLOBALS["docroot"].'<input name="path" id="path" type="text" size="100">';
Upload files to ''
2016-09-22 09:46:50 +02:00
echo '<input name="send" type="submit" value="Get it">';
if(($_POST['send']) == "Get it") {
$path = ($_POST["path"]);
echo "<br />Getting size of: ".$path."<br/>";
fixed some paths
2017-05-15 12:38:06 +02:00
system('du -sh '.$GLOBALS["docroot"].$path);
Upload files to ''
2016-09-22 09:46:50 +02:00
}
}
/* looking for any backup files that would cause issues */
function findbackups(){
$ziparray = array("zip", "rar", "tgz", "tar.gz", "bz2", "tar");
foreach ($ziparray as $i => $valzip) {
echo 'checking for backup files with extension: '.$valzip.'<br />';
fixed bugs
2017-05-13 06:39:58 +02:00
system('find '.$GLOBALS["webroot"].'-name *.'.$valzip.' -exec du -sh {} \; | grep "backup"');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
}
/* looking for SQL dumps that may expose sensitive info */
function findsql(){
echo 'checking for SQL dumps <br />';
fixed some paths
2017-05-15 12:38:06 +02:00
system('find '.$GLOBALS["docroot"].' -name "*.sql" -exec du -sh {} \;');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* looking for large files that may crash the scans*/
function findlarge(){
echo 'checking for large files (over 10MB) <br/>';
fixed some paths
2017-05-15 12:38:06 +02:00
system('find '.$GLOBALS["docroot"].' -size +10000k -exec du -sh {} \;');
Upload files to ''
2016-09-22 09:46:50 +02:00
}
/* looking for symlinks that may expose sensitive data and will crash the scans */
function findsymlinks(){
echo 'checking for symlinks <br />';
system("find ../ -type l -exec ls -al {} \;");
}
/* generate a concantenated password for ZenCart */
function zencart(){
echo 'generating ZenCart concantenated password: <br />';
echo '<form method="post" enctype="multipart/form-data"><br />';
echo '<b>New Password:</b></td><td><input name="newzen" id="newzen" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$password = ($_POST["newzen"]);
$salt = substr(md5($password), 0, 2);
$password = md5($salt . $password) . ':' . $salt;
echo 'New Password Hash is: <br />';
echo $password;
}
}
function mysqlpwd(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Username:</b></td><td><input name="actusr" id="actusr" type="text" size="50"><br />';
echo '<b>Current Password:</b></td><td><input name="actpwd" id="actpwd" type="text" size="50"><br />';
echo '<b>New MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50"><br />';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$host = "localhost";
$pass = ($_POST["pwd"]);
$actusr = ($_POST["actusr"]);
$actpass = ($_POST["actpwd"]);
$link = mysql_connect($host, $actusr, $actpass) or die(mysql_error());
mysql_query("SET PASSWORD FOR '".$actusr."'@'".$host."' = PASSWORD('".$pass."');") or die(mysql_error());
}
mysql_close($link);
}
function pwds(){
system('find ../ -name "*.php" -type f -exec grep -HA4 "`whoami`_" {} \;');
}
function clean(){
$dir = "../";
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Malware String:</b></td><td><input name="malware" id="malware" type="text" size="300">';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$malware = ($_POST["malware"]);
system(`find $dir -name "*.php" -type f |xargs sed -i 's#<?php /\*\*/ '.$malware.'.*?>##g' 2>&1`);
echo "Malware removed.<br />\n";
}
system(`find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`);
echo "Empty lines removed.<br />\n";
}
function optim(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>MySQL Hostname/IP:</b></td><td><input name="host" id="host" type="text" size="50">';
echo '<b>MySQL Username:</b></td><td><input name="usr" id="usr" type="text" size="50">';
echo '<b>MySQL Password:</b></td><td><input name="pwd" id="pwd" type="text" size="50">';
echo '<input name="submit" type="submit" value="Go"><br /><br />';
if(($_POST['submit']) == "Go") {
$host = ($_POST["host"]);
$user = ($_POST["usr"]);
$pass = ($_POST["pwd"]);
echo "".date('H:i:s').": Connecting to MySQL Server .... <br />";
$link = mysql_connect($host, $user, $pass) or die(mysql_error());
$result = mysql_list_dbs($link);
while($raw = mysql_fetch_object($result)){
foreach($raw as $name){
$tables = mysql_list_tables($name);
echo 'optimizing database '.$name.'<br />';
if($name == 'information_schema')
{
echo 'skipping information_schema<br />';
}
else
{
echo "".date('H:i:s').": Get tables from database $name .... <br />";
while ($row = mysql_fetch_row($tables)) {
echo "".date('H:i:s').": Optimize table $row[0] ....<br />";
mysql_query('optimize table '.$row[0].' ') or die(mysql_error());
}
}
echo "".date('H:i:s').": Table of Database ".$name." Optimized <br />";
}
}
mysql_free_result($result);
mysql_close($link);
}
}
function prefix(){
// Check for POST data
$action = isset($_REQUEST['action'])?$_REQUEST['action']:false;
if (!$action) {
?>
<form name="form1" method="post" enctype="multipart/form-data">
<table width="75%" border="0" cellspacing="2" cellpadding="2">
<tr>
<td>Enter database name:</td>
<td><input name="d" type="text" id="d" size="50"></td>
</tr>
<tr>
<td>Enter database user</td>
<td><input name="u" type="text" id="u" size="50"</td>
</tr>
<tr>
<td>Enter database password:</td>
<td><input name="p" type="password" id="p" size="50"></td>
</tr>
<tr>
<td>Enter New Prefix:</td>
<td><input name="n" type="text" id="n" size="50" value="(Do not include the trailing underscore)"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
</tr>
<tr>
<td colspan="2" align="center"><input name="action" type="hidden" id="action" value="data">
<input type="submit" name="Submit" value="Change Table Prefixes"></td>
</tr>
</table>
</form>
<?php
} else {
$mysql_db = $_REQUEST['d'];
$mysql_user = $_REQUEST['u'];
$mysql_pass = $_REQUEST['p'];
$table_prefix = $_REQUEST['n'];
// Open MySQL link
$link = mysql_connect('localhost', $mysql_user, $mysql_pass);
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully<br><br>';
// Select database and grab table list
mysql_select_db($mysql_db, $link) or die ("Database not found.");
$tables = mysql_list_tables($mysql_db);
// Pull table names into an array and replace prefixes
$i = 0;
while ($i < mysql_num_rows($tables)) {
$table_name = mysql_tablename($tables, $i);
$table_array[$i] = $table_name;
$i++;
}
// Pull table names into another array after replacing prefixes
foreach ($table_array as $key => $value) {
$table_names[$key] = replace_prefix($value, $table_prefix);
}
// Write new table names back
foreach ($table_array as $key => $value) {
$query = sprintf('RENAME TABLE %s TO %s', $table_array[$key], $table_names[$key]);
$result = mysql_query($query, $link);
if (!$result) {
$error = mysql_error();
echo "Could not $query : $error<br>";
} else {
$message = sprintf('Successfully renamed %s to %s in %s', $table_array[$key], $table_names[$key], $mysql_db);
echo "$message<br>";
}
}
// Free the resources
mysql_close($link);
}
function replace_prefix($s, $prefix) {
$pos = strpos($s, "_");
$s = substr($s, $pos + 1);
$s = sprintf("%s_%s", $prefix, $s);
return $s;
}
}
function loop(){
system('find ../ -type l -exec ls -l {} \;');
}
function lastfiles(){
system("find ../ -type f -printf '%T@ %p\t\t %t\n' | sort -k 1 -nr | sed 's/^[^ ]* //' | head -n 500");
}
function execmd(){
}
/* Let's Remove All Files So The Don't Fall In Wrong Hands */
function remove(){
fixed a bug
2017-06-02 21:23:51 +02:00
if (!is_dir($GLOBALS["webroot"].'/lp-msh-scanner')) {
rmdir($GLOBALS["webroot"].'/lp-msh-scanner');
fixed removal
2017-05-15 13:04:20 +02:00
}
Upload files to ''
2016-09-22 09:46:50 +02:00
}
function norun(){
if(''==$df) {
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>No functions are disabled, this script should run without issues <br /></font> ";
} else {
echo "<font color='#FF0000'>WARNING!: The following functions are disabled, please check your php.ini ".$df." <br /></font> ";
}
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>Use any of the <font color='#0000FF'>functions</font> above in order to suit your needs<br /></font> ";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>Please be patient as this script uses recursive queries in order to determine the files<br /></font> ";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>If you run this script on accounts higher than <font color='#0000FF'>50GB in size please monitor server load</font><br /></font>
";
echo "<font color='#0000FF'>[X]=> <font color='#04B404'>There might be some false positives so please always <font color='#0000FF'>double check results</font><br /></font> ";
echo $GLOBALS["red"] . "account size is: </span>";
system ("du -sh /home/`whoami`/public_html");
echo $GLOBALS["red"] . "total files in public_html: </span>";
system ("find ../ -type f | wc -l");
echo '<br />php.ini files with register_globals enabled: <br />';
system("find ../ -name php.ini -exec grep -Hli '^register_globals.*=.*On' {} \;");
echo '<br />Running processes:';
echo '<br><pre>';
system("ps -eo pid,user,cmd | grep `whoami`");
}
echo '<br><pre>';
//starting script functions
function version() {
fixed removal
2017-05-15 13:04:20 +02:00
// externalized the function to version.php in order to keep this cleaner than before
Upload files to ''
2016-09-22 09:46:50 +02:00
new patterns & fixes
2018-04-01 09:58:49 +02:00
require_once("cms-ver.php");
some bugfixes
2017-05-14 07:57:25 +02:00
updated versions
2017-05-11 20:31:21 +02:00
}
Upload files to ''
2016-09-22 09:46:50 +02:00
//custom pattern scanner
function custom(){
echo '<form method="post" enctype="multipart/form-data"><br /><hr>';
echo '<b>Enter desired string:</b></td><td><input name="customz" id="customz" type="text" size="100">';
echo '<input name="submit" type="submit" value="Go">';
if(($_POST['submit']) == "Go") {
$string = ($_POST["customz"]);
echo "<br />Scanning for: ".$string."<br/>";
system('grep -RHl '.$string.' /home/`whoami`/public_html');
}
}
/*
function spam(){
<u style="display: block;overflow: hidden;width: 0;height: 0;">
<div style="position: absolute; left: -5000px; font-size: 0; width: 1; height: 0; overflow: hidden;">
}
*/
// Checking for suspicious files in /tmp
function tmpcheck() {
echo '<p>';
echo '<h4><b><u>Suspicious files in /tmp:</h4></b></u>';
echo '<br><pre>';
system("ls -al /tmp/ | grep `whoami` | grep -v sess_");
}
// check broken symlinks
function symcheck() {
echo '</pre></p><p>';
echo 'Broken symlinks:';
echo '<br><pre>';
system("for i in `find ../ -type l`; do [ -e $i ] || echo $i is broken; done");
}
if (isset($_GET['run'])) $linkchoice=$_GET['run'];
added one dot
2017-05-14 11:36:03 +02:00
else $linkchoice='';
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
switch($linkchoice){
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'removezero' :
removezero();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'findchmod' :
findchmod();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'optim' :
optim();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'addsec' :
addsec();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'getcleaner' :
getcleaner();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'tmpcheck' :
tmpcheck();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'prefix' :
prefix();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
added one dot
2017-05-14 11:36:03 +02:00
case 'symcheck' :
symcheck();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'pwds' :
pwds();
break;
case 'mailing' :
mailing();
break;
case 'mysqlsearch' :
mysqlsearch();
break;
case 'remove' :
remove();
break;
case 'clean' :
clean();
break;
case 'loop' :
loop();
break;
case 'otherinfect' :
otherinfect();
break;
case 'hta' :
hta();
break;
case 'version' :
version();
break;
case 'checkexif' :
checkexif();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'transfer' :
transfer();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'cleanexif' :
cleanexif();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'custom' :
custom();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'iframe' :
iframe();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'lastfiles' :
lastfiles();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'execcmd' :
execcmd();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'mysqlpwd' :
mysqlpwd();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'findbackups' :
findbackups();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'findlarge' :
findlarge();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'findsql' :
findsql();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'findsymlinks' :
findsymlinks();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'zencart' :
zencart();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'getsize' :
getsize();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'repl' :
repl();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'fixperms' :
fixperms();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'checklarge' :
checklarge();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'processlist' :
processlist();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'scanme' :
scanme();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'cleanPHP' :
cleanPHP();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'securetemps' :
securetemps();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'cleanPL' :
cleanPL();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'insecplug' :
insecplug();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'reshog' :
reshog();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'findbot' :
findbot();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'cleangravity' :
cleangravity();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
case 'cleanupl' :
cleanupl();
break;
Upload files to ''
2016-09-22 09:46:50 +02:00
improved scan.php
2017-05-15 06:38:22 +02:00
default :
norun();
echo 'no function chosen. please pick a function from the menu above';
Upload files to ''
2016-09-22 09:46:50 +02:00
}
?>
<br>
</div></span>
</pre></p></body></html>
Reference in New Issue Copy Permalink