Commands tagged malware (3)

  • If this matches any files on your web server expect to find allot of malware spread throughout your server folders. Seems to target wordpress sites. Be sure to check your themes/theme-name/header.php files manually for various redirect scripting usually in the line right above the close head tag. Good luck! Show Sample Output


    0
    find / -name \*.php -exec grep -Hn .1.=.......0.=.......3.=.......2.=.......5.= {} \;
    UnklAdM · 2015-10-28 20:58:53 0

  • 0
    find / -name \*.php -exec grep -Hn preg_replace {} \;|grep /e|grep POST
    UnklAdM · 2015-10-28 16:10:23 0
  • Command makes use of the Malware Hash Registry (http://www.team-cymru.org/Services/MHR/). It parses the current directory and subdirectories and calculates the md5 hash of the files, then prints the name and sends the hash to the MHR for a lookup in their database. The 3rd value in the result is the detection percentage across a mix of AV packages. Show Sample Output


    11
    IFS=$'\n' && for f in `find . -type f -exec md5sum "{}" \;`; do echo $f | sed -r 's/^[^ ]+/Checking:/'; echo $f | cut -f1 -d' ' | netcat hash.cymru.com 43 ; done
    Neo23x0 · 2011-10-15 03:38:47 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

convert a,b,c to ('a','b','c') for use in SQL in-clauses

list files recursively by size

Which processes are listening on a specific port (e.g. port 80)
swap out "80" for your port of interest. Can use port number or named ports e.g. "http"

Resolution of a image
You can use the -format switch to get the size of the image. Replace "logo:" with your image.

Create a bash script from last n commands
Uses history to get the last n+1 commands (since this command will appear as the most recent), then strips out the line number and this command using sed, and appends the commands to a file.

get time in other timezones
On Ubuntu, if tzwatch is installed, then you can call up in terminal the output for every time zone configured in gWorldClock.

Get file access control list

Record MP3 audio via ALSA using ffmpeg
Record audio to an MP3 file via ALSA. Adjust -i argument according to arecord -l output.

Normalize volume in your mp3 library
This normalizes volume in your mp3 library, but uses mp3gain's "album" mode. This applies a gain change to all files from each directory (which are presumed to be from the same album) - so their volume relative to one another is changed, while the average album volume is normalized. This is done because if one track from an album is quieter or louder than the others, it was probably meant to be that way.

Inverted cowsay
It's quite fun to invert text using "flip.pl" (ref: http://ubuntuforums.org/showthread.php?t=2078323 ). Slightly more challenging is to flip a whole "cowsay". :-)


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: