Commands tagged malware (4)

  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the md5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages. Show Sample Output


    11
    IFS=$'\n' && for f in `find . -type f -exec md5sum "{}" \;`; do echo $f | sed -r 's/^[^ ]+/Checking:/'; echo $f | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 0
  • This command does something similar using dig which is usually more available. Show Sample Output


    0
    for i in $(find . -type f); do echo -n "$i " ;dig +short $(md5sum $i | cut -d' ' -f1).malware.hash.cymru.com TXT; echo ; done
    cerasus · 2015-07-28 09:58:04 0

  • 0
    find / -name \*.php -exec grep -Hn preg_replace {} \;|grep /e|grep POST
    UnklAdM · 2015-10-28 16:10:23 0
  • If this matches any files on your web server expect to find allot of malware spread throughout your server folders. Seems to target wordpress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting usually in the line right above the close head tag. Good luck! Show Sample Output


    0
    find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
    UnklAdM · 2015-10-28 20:58:53 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

list block devices
Shows all block devices in a tree with descruptions of what they are.

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Easy way to scroll up und down to change to one of n last visited directories.
This alias is meant to append n (here is n=10) most recently used cd commands to the bottom of history file. This way you can easily change to one of previous visited directories simply by hitting 1-10 times arrow up key. Hint: You can make more aliases implying the same rule for any set of frequently used long and complex commands like: mkisof, rdesktop, gpg...

Generate a Google maps URL for GPS location data from digital photo
This command uses the "exiftool" command which is available here: http://www.sno.phy.queensu.ca/~phil/exiftool/ NB, there should be a degree symbol right after the first "%d" NOT a question mark. For some unknown reason, commandlinefu is not able to handle degree symbol correctly ("?")?

Find jpeg images and copy them to a central location
Use if you have pictures all over the place and you want to copy them to a central location Synopsis: Find jpg files translate all file names to lowercase backup existing, don't overwrite, preserve mode ownership and timestamps copy to a central location

Convert seconds to [DD:][HH:]MM:SS
Converts any number of seconds into days, hours, minutes and seconds. sec2dhms() { declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S" }

Convert seconds to [DD:][HH:]MM:SS
Converts any number of seconds into days, hours, minutes and seconds. sec2dhms() { declare -i SS="$1" D=$(( SS / 86400 )) H=$(( SS % 86400 / 3600 )) M=$(( SS % 3600 / 60 )) S=$(( SS % 60 )) [ "$D" -gt 0 ] && echo -n "${D}:" [ "$H" -gt 0 ] && printf "%02g:" "$H" printf "%02g:%02g\n" "$M" "$S" }

Ad blocking on Ubuntu phone/tablet with hosts file
Will append lines to the hosts file to do some basic ad blocking.

Check reverse DNS
I'm just a simple programmer. I find dig too verbose. host tells me alias(es) and IP address in a quick to grok format with nothing special to remember for input parameters. With thanks to http://www.cyberciti.biz/faq/how-to-test-or-check-reverse-dns/

Get memory total from /proc/meminfo in Gigs


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: