Commands tagged malware (4)

  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It walks the current directory and subdirectories and calculates the MD5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages.

    IFS=$'\n'; for f in $(find . -type f -exec md5sum "{}" \;); do echo "$f" | sed -r 's/^[^ ]+/Checking:/'; echo "$f" | cut -f1 -d' ' | netcat hash.cymru.com 43; done
    Neo23x0 · 2011-10-15 03:38:47
  • This command does something similar using dig, which is usually more available.

    find . -type f | while IFS= read -r i; do echo -n "$i "; dig +short "$(md5sum "$i" | cut -d' ' -f1).malware.hash.cymru.com" TXT; echo; done
    cerasus · 2015-07-28 09:58:04

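A fuller version of the two lookups above, added here as an example and not part of either post. It hashes every regular file under a directory, queries the MHR over DNS the way the dig one-liner does, and parses the TXT answer into the two fields the first post refers to: the last-seen timestamp and the detection percentage across AV engines. The answer format is Team Cymru's documented one, a TXT record reading "<unix-timestamp> <detection-percentage>" (the percentage is the second field here rather than the third, because DNS does not echo the hash back) and NXDOMAIN, i.e. no record, for a hash the registry does not know. A DNS failure is reported separately from "not in MHR" so an outage does not read as a clean scan. The function and variable names (mhr_query, mhr_scan, mhr_parse, MHR_LOOKUP, MHR_SAMPLE_ANSWERS) and the canned answer used offline are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the commandlinefu posts above: hashes every
# regular file under a directory, looks each MD5 up in the Team Cymru Malware
# Hash Registry over DNS, and reports last-seen time and detection percentage.
#
# MHR DNS answer: TXT "<unix-timestamp> <detection-percentage>";
# an unknown hash gives NXDOMAIN, i.e. no TXT record at all.

# file_md5 PATH -> hex MD5 (GNU md5sum or BSD md5)
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# mhr_query HASH -> TXT text on stdout, empty if unknown. Exits non-zero when
# the lookup itself failed (dig exits non-zero when no server answers), so a
# DNS outage is not silently reported as "not in MHR".
mhr_query() {
    out=$(dig +short "$1.malware.hash.cymru.com" TXT) || return 1
    printf '%s\n' "$out" | tr -d '"'
}

# Canned answers (constructed, not real MHR data) for offline use:
# "<md5> <timestamp> <pct>", one per line. This is the MD5 of "hello\n".
MHR_SAMPLE_ANSWERS='b1946ac92492d2347c6235b4d2611184 1291916424 79'
mhr_canned_query() {
    printf '%s\n' "$MHR_SAMPLE_ANSWERS" | awk -v h="$1" '$1 == h { print $2 " " $3 }'
}

# mhr_parse PATH HASH TXT -> one report line; exit 1 if TXT is not "<ts> <pct>"
mhr_parse() {
    path=$1 hash=$2 txt=$3
    if [ -z "$txt" ]; then
        printf '%s %s NOT_IN_MHR\n' "$path" "$hash"
        return 0
    fi
    ts=${txt%% *} pct=${txt##* }
    if [ "$ts" = "$txt" ] || [ -z "$ts" ] || [ -z "$pct" ]; then
        printf '%s %s UNPARSEABLE %s\n' "$path" "$hash" "$txt"
        return 1
    fi
    case "$ts$pct" in
        *[!0-9]*) printf '%s %s UNPARSEABLE %s\n' "$path" "$hash" "$txt"; return 1 ;;
    esac
    # GNU date, then BSD date, then the raw epoch value
    seen=$(date -u -d "@$ts" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null \
        || date -u -r "$ts" +%Y-%m-%dT%H:%M:%SZ 2>/dev/null || echo "$ts")
    printf '%s %s DETECTED last_seen=%s detection_pct=%s\n' "$path" "$hash" "$seen" "$pct"
}

# mhr_scan DIR -> one line per regular file. Set MHR_LOOKUP to another
# function (e.g. mhr_canned_query) to avoid network access. Paths containing
# newlines are not handled (the original one-liners do not handle them either).
mhr_scan() {
    dir=${1:-.} lookup=${MHR_LOOKUP:-mhr_query}
    find "$dir" -type f | while IFS= read -r f; do
        hash=$(file_md5 "$f")
        if txt=$("$lookup" "$hash"); then
            mhr_parse "$f" "$hash" "$txt"
        else
            printf '%s %s LOOKUP_FAILED\n' "$f" "$hash"
        fi
    done
}

# Stand-alone use: sh mhr_scan.sh --scan /path/to/dir
if [ "${1-}" = "--scan" ]; then
    mhr_scan "${2:-.}"
fi
```

Run with `--scan DIR` for a live lookup, or set `MHR_LOOKUP=mhr_canned_query` before calling `mhr_scan` to exercise the parsing without touching the network. Note that a hash absent from the MHR only means no engine in Team Cymru's mix flagged that exact file; a recompiled or repacked sample has a different hash and will come back NOT_IN_MHR.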
  • 
    # PHP files where preg_replace appears with a "/e" (eval modifier) and POST data on the same line
    find / -name '*.php' -exec grep -Hn preg_replace {} \; | grep /e | grep POST
    UnklAdM · 2015-10-28 16:10:23
  • If this matches any files on your web server, expect to find a lot of malware spread throughout your server folders. Seems to target WordPress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting, usually in the line right above the closing </head> tag. Good luck!

    # fixed-order run of short numbered variable assignments left by the injected code
    find / -name '*.php' -exec grep -Hn '.1.=.......0.=.......3.=.......2.=.......5.=' {} \;
    UnklAdM · 2015-10-28 20:58:53

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
