Commands tagged malware (4)

  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the md5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages.


    11
    IFS=$'\n' && for f in `find . -type f -exec md5sum "{}" \;`; do echo $f | sed -r 's/^[^ ]+/Checking:/'; echo $f | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 7
  • This command does something similar using dig which is usually more available.


    0
    for i in $(find . -type f); do echo -n "$i " ;dig +short $(md5sum $i | cut -d' ' -f1).malware.hash.cymru.com TXT; echo ; done
    cerasus · 2015-07-28 09:58:04 8
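The two one-liners above share a weakness: both word-split on filenames, and both print the raw MHR answer without saying what its fields mean. The script below is an added example (not from either commandlinefu post) that does the same MD5-to-MHR lookup with quoting-safe file walking and decodes the answer. It assumes md5sum and dig are installed and that the DNS zone <md5>.malware.hash.cymru.com answers known hashes with a TXT record of the form "<last-seen unix timestamp> <detection percentage>" and gives no answer for hashes the registry has never seen; the sample answer in the comments is constructed.

```shell
#!/bin/sh
# Added example, not code from the commandlinefu posts above.
# Assumptions: md5sum and dig exist; MHR answers TXT "<unix-ts> <pct>" for a
# known hash and returns nothing for an unknown one.

# Print the DNS name to query for one file's MD5 (any filename is safe here).
mhr_query_name() {
    hash=$(md5sum -- "$1" | cut -d' ' -f1)
    printf '%s.malware.hash.cymru.com\n' "$hash"
}

# Decode one 'dig +short ... TXT' answer.  Empty answer means MHR has no record.
# Constructed sample: mhr_decode '"1225246800 47"' -> last-seen=1225246800 detection=47%
mhr_decode() {
    answer=$(printf '%s' "$1" | tr -d '"')      # dig quotes TXT data
    if [ -z "$answer" ]; then
        echo "unknown"
        return 0
    fi
    case "$answer" in
        *" "*) ;;                                # expected two fields
        *) printf 'unparsed: %s\n' "$answer"; return 0 ;;
    esac
    ts=${answer%% *}
    pct=${answer#* }
    printf 'last-seen=%s detection=%s%%\n' "$ts" "$pct"
}

# Look up one file.  Needs network; a dig failure is reported as "unknown".
mhr_lookup_file() {
    name=$(mhr_query_name "$1")
    answer=$(dig +short "$name" TXT 2>/dev/null | head -n 1)
    printf '%s: %s\n' "$1" "$(mhr_decode "$answer")"
}

# Walk a tree.  md5sum prints "hash  name"; read keeps spaces inside the name
# (names containing newlines are escaped by md5sum and would need extra care).
mhr_scan_tree() {
    find "${1:-.}" -type f -exec md5sum -- {} + |
    while read -r hash name; do
        answer=$(dig +short "$hash.malware.hash.cymru.com" TXT 2>/dev/null | head -n 1)
        printf '%s: %s\n' "$name" "$(mhr_decode "$answer")"
    done
}

# Usage: mhr_scan_tree /var/www
```

Two caveats before running this over a whole server: every hash leaves the box, so the file inventory of the tree is disclosed to a third party, and an "unknown" answer only means MHR has not seen that exact MD5, not that the file is clean. The netcat variant in the first post opens one TCP connection to port 43 per hash; the dig form is cheaper and works from hosts where only DNS is allowed out.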

  • 0
    find / -name \*.php -exec grep -Hn preg_replace {} \;|grep /e|grep POST
    UnklAdM · 2015-10-28 16:10:23 10
  • If this matches any files on your web server expect to find a lot of malware spread throughout your server folders. Seems to target wordpress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting usually in the line right above the close head tag. Good luck!


    0
    find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
    UnklAdM · 2015-10-28 20:58:53 10

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
