Posted By

koncept on 06/26/08


Tagged

php Bash trojan c99Shell


Versions (?)

Find c99Shell PHP trojan hiding within PHP files


 / Published in: Bash
 

This code will start searching from / if no shell argument passed. You may want to adjust this default directory to the location of your apache directory instead for speed purposes.

  1. #!/usr/bin/env bash
  2. # Identifies instances of the c99Shell PHP trojan within PHP files
  3. FIND_LOC=${1:-/} # Root the find by the a directory provided as argument or default to root
  4. echo "Starting search from $FIND_LOC..."
  5. find $FIND_LOC -type f -iname '*.php' -exec grep -qi 'C99Shell' '{}' \; -print
  6. echo "Complete"
  7. : # clean exit

Report this snippet  

Comments

RSS Icon Subscribe to comments
Posted By: mohammedsaud on November 12, 2008

id

Posted By: mohammedsaud on November 12, 2008

http://www.mh2.com

You need to login to post a comment.