Scan symlinks on web server directory structure recursively to find if any symlinks exist. I used it to discover if a shared web hosting server was compromised/ rooted using the symlink attack. Read about the attack in the link below. Note: Don’t forget to change the path.
|
1 |
find /home*/*/public_html -type l -exec ls -l {} \; | grep "\-> /$" |
Anatomy of the attack
Note: that there will be a lot false positives when scanning WordPress file structures.
|
1 2 3 |
grep '((eval.*(base64_decode|gzinflate))|\$[0O]{4,}|(\\x[0-9a-fA-F]{2}){8,}|cgitelnet|webadmin|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc|document\.write\("\\u00|sh(3(ll|11)))' . -roE --include=*.php* grep '((eval.*(base64_decode|gzinflate))|cgitelnet|webadmin|ircd|PHPShell|tryag|r57shell|c99shell|noexecshell|revengans|myshellexec|FilesMan|JGF1dGhfc)' . -roE --include=*.php* |
Discover world writable files (aka with permission 777) will help you sometimes find out which files you missed to secure from your user’s eyes.
|
1 |
find / -perm -2 ! -type l -ls |
If you don’t understand Linux file permission bits you should read this
|
1 |
<strong><span style="font-size: x-large;">Description</span></strong> |
|
1 2 3 |
BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application specific options are stored including regular expressions for each unique auth format. The regular expressions are parsed against logs using the ‘sed’ tool (stream editor) which allows for excellent performance in all environments. In addition to the benefits of parsing logs in a single stream with sed, BFD also uses a log tracking system so logs are only parsed from the point which they were last read. This greatly assists in extending the performance of BFD even further as we are not constantly reading the same log data. The log tracking system is compatible with syslog/logrotate style log rotations which allows it to detect when rotations have happened and grab log tails from both the new log file and the rotated log file. <span style="font-size: x-large;">Installing on <strong>Ubuntu</strong>/<strong>Debian</strong></span> |
|
1 2 3 |
sudo apt-get install libxml2 libxml2-dev libxml2-utils sudo apt-get install libaprutil1 libaprutil1-dev sudo apt-get install libapache-mod-security |
regards, @specktator
This jquery snippet protects your published email addresses from being obtained from spam bots. Keep in mind that your (html)code must be in form Peter_[at]_example.com and the emails must be inside an ellement with mail class in order to let javascript replace the correct characters. Of course you can modify it as you wish ;) […]
