SumHack


Temporary notes

Keywords

eval

unserialize

serialize

$_FILES

Check /etc/shadow

Check listening ports to identify running services

netstat -tln

FTP

Scan the LAN

sudo nmap -sP -PI -PT 192.168.1.0/24

Finding one-line webshells

find ./ -name "*.php" -type f -print0 | xargs -0 grep -E "phpspy|c99sh|milw0rm|eval\(gzuncompress|eval\(base64_decode|spider_bc" > php.txt

grep -r --include='*.php' '[^a-z]eval($_POST' . > eval.txt

grep -r --include='*.php' 'file_put_contents(.*$_POST\[.*\]);' . > file_put_contents.txt

find ./ -name "*.php" -type f -print0 | xargs -0 grep -E "(phpspy|c99sh|milw0rm|eval\(gzuncompress\(base64_decode|eval\(base64_decode|spider_bc|gzinflate)" | awk -F: '{print $1}' | sort | uniq

List PHP files modified within the last day

find . -mtime -1 -type f -name "*.php"
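
The signature scan and the modified-within-a-day check from the notes above, combined into one triage function. This is an added example, not part of the original notes; the names scan_webshells and make_sample_tree, the constructed sample files and the `(^|[^a-z])` start-of-line alternative are assumptions made here.

```shell
# Added example: triage PHP files by signature and by modification age.
# Output per hit: path <TAB> recent|old <TAB> first matching token.

# Signatures from the notes above, as one ERE with literal parentheses escaped.
# (^|[^a-z]) keeps names such as retrieval( from matching the eval( signature.
SIG='phpspy|c99sh|milw0rm|spider_bc|gzinflate|eval\((gzuncompress\()?base64_decode'
SIG="$SIG"'|(^|[^a-z])eval\(\$_POST|file_put_contents\(.*\$_POST\[.*\]\)'

scan_webshells() {    # usage: scan_webshells DIR [DAYS]   (DAYS defaults to 1)
    find "$1" -type f -name '*.php' -exec sh -c '
        sig=$1 days=$2; shift 2
        for f in "$@"; do
            # -a: treat binary as text, -o: print only the match, -m1: first line
            hit=$(grep -a -E -o -m1 -e "$sig" "$f" | head -n 1)
            [ -n "$hit" ] || continue
            if [ -n "$(find "$f" -mtime "-$days")" ]; then age=recent; else age=old; fi
            printf "%s\t%s\t%s\n" "$f" "$age" "$hit"
        done' sh "$SIG" "${2:-1}" {} + | sort
}

make_sample_tree() {  # constructed sample data: inert text fragments only
    d=$(mktemp -d) || return 1
    printf '%s\n' '<?php $row = retrieval($_POST["id"]); // benign' > "$d/clean.php"
    printf '%s\n' '<?php /* constructed marker: @eval($_POST[k]) */' > "$d/new.php"
    printf '%s\n' '<?php /* constructed marker: c99sh banner */' > "$d/old.php"
    touch -t 202001010000 "$d/old.php"      # backdated: outside the 1-day window
    printf '%s\n' 'eval(base64_decode(' > "$d/notes.txt"    # not *.php, skipped
    echo "$d"
}

# Try it:  d=$(make_sample_tree); scan_webshells "$d"; rm -r "$d"
```

Files flagged as both matching and recent are the ones to review first; an old match can still be a long-resident backdoor, so the age column orders the review rather than filtering it.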
