To find the largest files and directories on a linux server, type the command bellow… and grab a cup of coffee afterwards. Change head -n $top_num to your liking to get the top x files and/or directories.
|
1 |
du -a / | sort -n -r | head -n 5 |
Scan symlinks on web server directory structure recursively to find if any symlinks exist. I used it to discover if a shared web hosting server was compromised/ rooted using the symlink attack. Read about the attack in the link below. Note: Don’t forget to change the path.
|
1 |
find /home*/*/public_html -type l -exec ls -l {} \; | grep "\-> /$" |
Anatomy of the attack
Note: that there will be a lot false positives when scanning WordPress file structures.
|
1 2 3 |
grep '((eval.*(base64_decode|gzinflate))|\$[0O]{4,}|(\\x[0-9a-fA-F]{2}){8,}|cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc|document\.write\("\\u00|sh(3(ll|11)))' . -roE --include=*.php* grep '((eval.*(base64_decode|gzinflate))|cgitelnet|webadmin|ircd|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc)' . -roE --include=*.php* |
