'; unset($data); // @endof html table //@abstract populating the table head // @varname $data_a //@abstract taking the highest sized array and printing the key name. $data_a = $array[$max_i]; $table_head = ''; foreach($data_a as $key => $value) { $table_head .= ''. $key.''; } $table_head .= ''."\n"; //@endof populating the table head // @abstract printing the table data echo '
'.$table_head.$table_data; }//@endof function table_arrange /* Calculate sizes of all your databases in MB: SELECT table_schema "DB Name", SUM( data_length + index_length) / 1024 / 1024 "DB Size" FROM information_schema.TABLES GROUP BY table_schema ; Calculate table sizes for a specific database: SELECT TABLE_NAME, table_rows, data_length, index_length, round(((data_length + index_length) / 1024 / 1024),2) "Size in MB" FROM information_schema.TABLES WHERE table_schema = "PUT_YOUR_DATABASE_NAME_HERE"; */ function repl(){ echo "String Replacement"; echo '
'; echo 'Old String:

'; echo 'New String:
'; echo '

'; if(($_POST['submit']) == "Go") { $oldstr = ($_POST["oldstr"]); $newstr = ($_POST["newstr"]); system("grep -ilr '".$oldstr."' * | xargs -i@ sed -i 's/".$oldstr."/".$newstr."/g' @"); /* xargs /usr/bin/perl -w -i -p -e "s/your_old_string/your_new_string/g" */ echo 'all done'; } } /* getting the total size of a specific directory */ function getsize(){ $username = system('whoami'); echo "insert the location you wish to get the size for:
"; echo ''; echo ''.$GLOBALS["docroot"].''; echo ''; if(($_POST['send']) == "Get it") { $path = ($_POST["path"]); echo "
Getting size of: ".$path."
"; system('du -sh '.$GLOBALS["docroot"].$path); } } /* looking for any backup files that would cause issues */ function findbackups(){ $ziparray = array("zip", "rar", "tgz", "tar.gz", "bz2", "tar"); foreach ($ziparray as $i => $valzip) { echo 'checking for backup files with extension: '.$valzip.'
'; system('find '.$GLOBALS["webroot"].'-name *.'.$valzip.' -exec du -sh {} \; | grep "backup"'); } } /* looking for SQL dumps that may expose sensitive info */ function findsql(){ echo 'checking for SQL dumps
'; system('find '.$GLOBALS["docroot"].' -name "*.sql" -exec du -sh {} \;'); } /* looking for large files that may crash the scans*/ function findlarge(){ echo 'checking for large files (over 10MB)
'; system('find '.$GLOBALS["docroot"].' -size +10000k -exec du -sh {} \;'); } /* looking for symlinks that may expose sensitive data and will crash the scans */ function findsymlinks(){ echo 'checking for symlinks
'; system("find ../ -type l -exec ls -al {} \;"); } /* generate a concantenated password for ZenCart */ function zencart(){ echo 'generating ZenCart concantenated password:
'; echo '
'; echo 'New Password:
'; echo '

'; if(($_POST['submit']) == "Go") { $password = ($_POST["newzen"]); $salt = substr(md5($password), 0, 2); $password = md5($salt . $password) . ':' . $salt; echo 'New Password Hash is:
'; echo $password; } } function mysqlpwd(){ echo '
'; echo 'MySQL Username:
'; echo 'Current Password:
'; echo 'New MySQL Password:
'; echo '

'; if(($_POST['submit']) == "Go") { $host = "localhost"; $pass = ($_POST["pwd"]); $actusr = ($_POST["actusr"]); $actpass = ($_POST["actpwd"]); $link = mysql_connect($host, $actusr, $actpass) or die(mysql_error()); mysql_query("SET PASSWORD FOR '".$actusr."'@'".$host."' = PASSWORD('".$pass."');") or die(mysql_error()); } mysql_close($link); } function pwds(){ system('find ../ -name "*.php" -type f -exec grep -HA4 "`whoami`_" {} \;'); } function clean(){ $dir = "../"; echo '
'; echo 'Malware String:		'; echo '

'; if(($_POST['submit']) == "Go") { $malware = ($_POST["malware"]); system(`find $dir -name "*.php" -type f |xargs sed -i 's###g' 2>&1`); echo "Malware removed.
\n"; } system(`find $dir -name "*.php" -type f | xargs sed -i '/./,$!d' 2>&1`); echo "Empty lines removed.
\n"; } function optim(){ echo '
'; echo 'MySQL Hostname/IP:		'; echo 'MySQL Username:'; echo 'MySQL Password:'; echo '

'; if(($_POST['submit']) == "Go") { $host = ($_POST["host"]); $user = ($_POST["usr"]); $pass = ($_POST["pwd"]); echo "".date('H:i:s').": Connecting to MySQL Server ....
"; $link = mysql_connect($host, $user, $pass) or die(mysql_error()); $result = mysql_list_dbs($link); while($raw = mysql_fetch_object($result)){ foreach($raw as $name){ $tables = mysql_list_tables($name); echo 'optimizing database '.$name.'
'; if($name == 'information_schema') { echo 'skipping information_schema
'; } else { echo "".date('H:i:s').": Get tables from database $name ....
"; while ($row = mysql_fetch_row($tables)) { echo "".date('H:i:s').": Optimize table $row[0] ....
"; mysql_query('optimize table '.$row[0].' ') or die(mysql_error()); } } echo "".date('H:i:s').": Table of Database ".$name." Optimized
"; } } mysql_free_result($result); mysql_close($link); } } function prefix(){ // Check for POST data $action = isset($_REQUEST['action'])?$_REQUEST['action']:false; if (!$action) { ?>
Enter database name:
Enter database user
Enter database password:
Enter New Prefix:
   

'; // Select database and grab table list mysql_select_db($mysql_db, $link) or die ("Database not found."); $tables = mysql_list_tables($mysql_db); // Pull table names into an array and replace prefixes $i = 0; while ($i < mysql_num_rows($tables)) { $table_name = mysql_tablename($tables, $i); $table_array[$i] = $table_name; $i++; } // Pull table names into another array after replacing prefixes foreach ($table_array as $key => $value) { $table_names[$key] = replace_prefix($value, $table_prefix); } // Write new table names back foreach ($table_array as $key => $value) { $query = sprintf('RENAME TABLE %s TO %s', $table_array[$key], $table_names[$key]); $result = mysql_query($query, $link); if (!$result) { $error = mysql_error(); echo "Could not $query : $error
"; } else { $message = sprintf('Successfully renamed %s to %s in %s', $table_array[$key], $table_names[$key], $mysql_db); echo "$message
"; } } // Free the resources mysql_close($link); } function replace_prefix($s, $prefix) { $pos = strpos($s, "_"); $s = substr($s, $pos + 1); $s = sprintf("%s_%s", $prefix, $s); return $s; } } function loop(){ system('find ../ -type l -exec ls -l {} \;'); } function lastfiles(){ system("find ../ -type f -printf '%T@ %p\t\t %t\n' | sort -k 1 -nr | sed 's/^[^ ]* //' | head -n 500"); } function execmd(){ } /* Let's Remove All Files So The Don't Fall In Wrong Hands */ function remove(){ if (!is_dir($GLOBALS["webroot"].'/lp-msh-scanner')) { rmdir($GLOBALS["webroot"].'/lp-msh-scanner'); } } function norun(){ if(''==$df) { echo "[X]=> No functions are disabled, this script should run without issues
"; } else { echo "WARNING!: The following functions are disabled, please check your php.ini ".$df."
"; } echo "[X]=> Use any of the functions above in order to suit your needs
 "; echo "[X]=> Please be patient as this script uses recursive queries in order to determine the files
 "; echo "[X]=> If you run this script on accounts higher than 50GB in size please monitor server load
 "; echo "[X]=> There might be some false positives so please always double check results
 "; echo $GLOBALS["red"] . "account size is: "; system ("du -sh /home/`whoami`/public_html"); echo $GLOBALS["red"] . "total files in public_html: "; system ("find ../ -type f | wc -l"); echo '
php.ini files with register_globals enabled:
'; system("find ../ -name php.ini -exec grep -Hli '^register_globals.*=.*On' {} \;"); echo '
Running processes:'; echo '
';
system("ps -eo pid,user,cmd | grep `whoami`");
}
echo '
';
//starting script functions


function version() {
// externalized the function to version.php in order to keep this cleaner than before

require_once("cms-ver.php");
 
}


//custom pattern scanner
function custom(){
echo '

';
echo 'Enter desired string:
'; echo ''; if(($_POST['submit']) == "Go") { $string = ($_POST["customz"]); echo "
Scanning for: ".$string."
"; system('grep -RHl '.$string.' /home/`whoami`/public_html'); } } /* function spam(){
} */ // Checking for suspicious files in /tmp function tmpcheck() { echo '

'; echo '

Suspicious files in /tmp:

'; echo '
';
system("ls -al /tmp/ | grep `whoami` | grep -v sess_");
}


// check broken symlinks
function symcheck() {
echo '

'; echo 'Broken symlinks:'; echo '

';
system("for i in `find ../ -type l`; do [ -e $i ] || echo $i is broken; done");
}

if (isset($_GET['run'])) $linkchoice=$_GET['run'];
    else $linkchoice='';

        switch($linkchoice){

            case 'removezero' :
                removezero();
            break;

            case 'findchmod' :
                findchmod();
            break;

            case 'optim' :
                optim();
            break;

            case 'addsec' :
                addsec();
            break;

            case 'getcleaner' :
                getcleaner();
            break;

            case 'tmpcheck' :
                tmpcheck();
            break;

            case 'prefix' :
                prefix();
            break;

            case 'symcheck' :
                symcheck();
            break;

            case 'pwds' :
                pwds();
            break;

            case 'mailing' :
                mailing();
            break;

            case 'mysqlsearch' :
                mysqlsearch();
            break;

            case 'remove' :
                remove();
            break;

            case 'clean' :
                clean();
            break;

            case 'loop' :
                loop();
            break;

            case 'otherinfect' :
                otherinfect();
            break;

            case 'hta' :
                hta();
            break;

            case 'version' :
                version();
            break;

            case 'checkexif' :
                checkexif();
            break;

            case 'transfer' :
                transfer();
            break;

            case 'cleanexif' :
                cleanexif();
            break;

            case 'custom' :
                custom();
            break;

            case 'iframe' :
                iframe();
            break;

            case 'lastfiles' :
                lastfiles();
            break;

            case 'execcmd' :
                execcmd();
            break;

            case 'mysqlpwd' :
                mysqlpwd();
            break;

            case 'findbackups' :
                findbackups();
            break;

            case 'findlarge' :
                findlarge();
            break;

            case 'findsql' :
                findsql();
            break;

            case 'findsymlinks' :
                findsymlinks();
            break;

            case 'zencart' :
                zencart();
            break;

            case 'getsize' :
                getsize();
            break;

            case 'repl' :
                repl();
            break;

            case 'fixperms' :
                fixperms();
            break;

            case 'checklarge' :
                checklarge();
            break;

            case 'processlist' :
                processlist();
            break;

            case 'scanme' :
                scanme();
            break;

            case 'cleanPHP' :
                cleanPHP();
            break;

            case 'securetemps' :
                securetemps();
            break;

            case 'cleanPL' :
                cleanPL();
            break;

            case 'insecplug' :
                insecplug();
            break;

            case 'reshog' :
                reshog();
            break;

            case 'findbot' :
                findbot();
            break;

            case 'cleangravity' :
                cleangravity();
            break;
        
            case 'cleanupl' :
                cleanupl();
            break;
        
            default :
                norun();
            echo 'no function chosen. please pick a function from the menu above';

}

?>