From 1a1d952dd82a2dfdae4e26a8691bdbc21f7529ed Mon Sep 17 00:00:00 2001 From: Palma Solutions LTD Date: Sun, 6 May 2018 12:10:05 +0200 Subject: [PATCH] converted cms-ver.php back to web --- cms-ver.php | 48 ++++++++++++++++++++++++------------------------ malwaresh.pl | 2 +- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/cms-ver.php b/cms-ver.php index 913cc29..c5ad0ad 100644 --- a/cms-ver.php +++ b/cms-ver.php @@ -204,10 +204,10 @@ foreach(glob("../{**/*,*}".$row[1], GLOB_BRACE) as $versionfile){ $pattern = preg_quote($row[2], '/'); $pattern = "/^.*$pattern.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$row[0]." found - (".$row[3]."):\n"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$row[0]." found - (".$row[3]."):
"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfile; $trim = str_replace($row[1], '', $location); print_r ("location:".$trim); @@ -223,10 +223,10 @@ foreach(glob("../".$row[1], GLOB_BRACE) as $versionfile) { $pattern = preg_quote($row[2], '/'); $pattern = "/^.*$pattern.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$row[0]." found - (".$row[3]."):\n"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$row[0]." found - (".$row[3]."):
"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfile; $trim = str_replace($row[1], '', $location); print_r ("location:".$trim); @@ -256,10 +256,10 @@ foreach(glob("../{**/*,*}".$raw[1], GLOB_BRACE) as $versionfiles){ $pattern2 = preg_quote($raw[3], '/'); $pattern = "/^.*$pattern1.*\$|^.*$pattern2.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$raw[0]." found - (".$raw[4]."):\n"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$raw[0]." found - (".$raw[4]."):
"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfiles; $trim = str_replace($raw[1], '', $location); print_r ("location:".$trim); @@ -275,10 +275,10 @@ foreach(glob("../".$raw[1], GLOB_BRACE) as $versionfiles) { $pattern2 = preg_quote($raw[3], '/'); $pattern = "/^.*$pattern1.*\$|^.*$pattern2.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$raw[0]." found - (".$raw[4]."):\n"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$raw[0]." found - (".$raw[4]."):
"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfiles; $trim = str_replace($raw[1], '', $location); print_r ("location:".$trim); } @@ -307,10 +307,10 @@ foreach(glob("../{**/*,*}".$rxw[1], GLOB_BRACE) as $versionfilex){ $pattern3 = preg_quote($rxw[4], '/'); $pattern = "/^.*$pattern1.*\$|^.*$pattern2.*\$|^.*$pattern3.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$rxw[0]." found - (".$rxw[5]."):\n"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$rxw[0]." found - (".$rxw[5]."):
"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfilex; $trim = str_replace($rxw[1], '', $location); print_r ("location:".$trim); @@ -327,10 +327,10 @@ foreach(glob("../".$rxw[1], GLOB_BRACE) as $versionfilex) { $pattern3 = preg_quote($rxw[4], '/'); $pattern = "/^.*$pattern1.*\$|^.*$pattern2.*\$|^.*$pattern3.*\$/m"; if(preg_match_all($pattern, $file, $matches)){ - echo "\n"; - echo "\n".$rxw[0]." found - (".$row[5]."):\`"; - echo implode("\n", $matches[0]); - echo "\n"; + echo "
"; + echo "
".$rxw[0]." found - (".$row[5]."):\`"; + echo implode("
", $matches[0]); + echo "
"; $location = $versionfilex; $trim = str_replace($rxw[1], '', $location); print_r ("location:".$trim); diff --git a/malwaresh.pl b/malwaresh.pl index c23518d..816b931 100644 --- a/malwaresh.pl +++ b/malwaresh.pl @@ -26,6 +26,7 @@ print "Content-type: text/html\n\n"; my $user = $ARGV[0]; my @regexen = ( + qr/<\?php.+?\$([A-z0-9]{1,20})\=\(([0-9]{1,5})\-([0-9]{1,5})\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is, qr/<\?php\s+\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?exit\(\)\;\s+\}\Z/is, qr/<\?php\s+\/\/header\(\'Content\-Type\:text\/html\;.+?\=array\(.+?\=urldecode\(.+?\)\;exit\(\)\;\}\'\)\;\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}.+?\]\(\)\;\?>/is, qr/<\?php.+?\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?\?>/is, @@ -935,7 +936,6 @@ my @regexen = ( qr/<\?php\s+Error\_Reporting\(E\_ALL.+?FakeSender\s+by\s+POCT\s+\[FuckAV\.ru\]<\/title>.+?if\(mail\(\$to\,\s+\$subject\,\s+\$message\,\s+\$header\)\).+?\?>\s+<\/body>\s+<\/html>/is, qr/<\?\s+eval\(gzinflate\(str\_rot13\(base64\_decode\(.+?\)\)\)\)\;\s+\?>/is, qr/<\?php.+?\?>([A-z0-9]{1,20})\%([A-z0-9]{1,20})\%.+?\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is, - qr/<\?php.+?\$([A-z0-9]{1,20})\=\(([0-9]{1,5})\-([0-9]{1,5})\)\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\-1\;\s+\?>/is, );