#!/bin/bash
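# find_traits - static trait fingerprinting of the samples under exemplars/.
#
# Output (stdout): one CSV row per sample, "BASENAME[,TRAIT_NUMBER...]", where
# each trait number marks a string or pattern found somewhere in the file.
# Diagnostics go to stderr.
#
# The exemplars appear to be PHP web-shell samples (WSO variants and related
# tools). They are only ever read with grep here; nothing in this script
# sources, includes or executes them.

# Paths (relative to the working directory) of the samples to fingerprint.
FNAMES=(
  exemplars/2.0
  exemplars/2.1
  exemplars/2.2
  exemplars/2.3
  exemplars/2.4
  exemplars/2.5
  exemplars/2.5.1
  exemplars/2.6
  exemplars/2.7
  exemplars/2.8
  exemplars/2.9
  exemplars/3.0
  exemplars/3.1
  exemplars/4.1.1
  exemplars/4.2.5
  exemplars/bogel
  exemplars/fx29
  exemplars/lfiscanner.php
  exemplars/waw
)

# _has_literal FILE STRING
# Succeeds when FILE contains STRING verbatim.
#   -a  scan files that grep would otherwise treat as binary
#   -F  fixed string, so '$', '(' and '.' in a signature are not regex syntax
#       (grep -F replaces the obsolescent fgrep, which warns on newer GNU grep)
#   -e / --  keep a pattern or path that starts with '-' from being parsed
#       as an option
_has_literal() {
  grep -a -q -F -e "$2" -- "$1"
}

# _has_ere FILE PATTERN
# Succeeds when some line of FILE matches the extended regex PATTERN
# (grep -E replaces the obsolescent egrep).
_has_ere() {
  grep -a -q -E -e "$2" -- "$1"
}

#######################################
# Print the trait row for one sample.
# Arguments: $1 - path of the sample file
# Outputs:   "BASENAME[,N...]" plus newline on stdout; a warning on stderr
#            when the sample cannot be read
# Returns:   0 when the sample was scanned, 1 when it was not readable
#######################################
print_traits() {
  local sample=$1
  local row
  row=$(basename -- "$sample")

  # A missing or unreadable sample still gets its bare-name row (as before),
  # but say so once on stderr: otherwise the row is indistinguishable from a
  # sample that was scanned and matched no trait.
  if [[ ! -f "$sample" || ! -r "$sample" ]]; then
    printf 'find_traits: cannot read sample: %s\n' "$sample" >&2
    printf '%s\n' "$row"
    return 1
  fi

  # Trait #1 - basic call_user_func() dispatch
  # (stricter form, disabled:
  #   "call_user_func('action' . \$_POST['a']);")
  if _has_literal "$sample" 'call_user_func('; then
    row+=',1'
  fi
  # Trait #2 - appearance of function actionNetwork()
  if _has_literal "$sample" 'function actionNetwork()'; then
    row+=',2'
  fi
  if _has_literal "$sample" 'function actionRC()'; then
    row+=',3'
  fi
  if _has_literal "$sample" '$userAgents = array('; then
    row+=',4'
  fi
  if _has_literal "$sample" '$default_charset ='; then
    row+=',5'
  fi
  if _has_literal "$sample" 'function WSOsetcookie'; then
    row+=',6'
  fi
  if _has_literal "$sample" '$_Qli'; then
    row+=',7'
  fi
  if _has_literal "$sample" 'function actionlfiscan'; then
    row+=',8'
  fi
  # Traits 9-11 are fragments of encoded blobs embedded in some samples
  # (presumably base64 - decode in an analysis sandbox to confirm).
  if _has_literal "$sample" 'Cgib2t5YXp1QGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3M'; then
    row+=',9'
  fi
  if _has_literal "$sample" 'giaGFyZHdhcmVoZWF2ZW4uY29tQGdt'; then
    row+=',10'
  fi
  if _has_literal "$sample" 'dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxM'; then
    row+=',11'
  fi
  # Trait 12 (disabled):
  # if fgrep -a -q "@mail('hard_linux@mail.ru', 'NSA'," $NAME
  # then
  # echo -n ',12'
  # fi
  if _has_literal "$sample" 'function actionFramer'; then
    row+=',13'
  fi
  # Trait 14 (disabled):
  # if fgrep -a -q 'Apache/2.2.22' $NAME
  # then
  # echo -n ',14'
  # fi
  if _has_literal "$sample" 'LFI File dumper'; then
    row+=',15'
  fi
  if _has_ere "$sample" 'fxbuff|wsobuff'; then
    row+=',16'
  fi
  # Traits 17 and 18 each require BOTH functions to be present.
  if _has_literal "$sample" 'function actionMass' \
    && _has_literal "$sample" 'function actionDomain'; then
    row+=',17'
  fi
  if _has_literal "$sample" 'function actionInfect' \
    && _has_literal "$sample" 'function actionDeface'; then
    row+=',18'
  fi
  # Trait 19: the string 'bogel', gated on a "WSO" check.
  # NOTE(review): `grep -q -v` succeeds as soon as ANY line lacks "WSO", which
  # holds for nearly every non-empty file, so the gate filters almost nothing
  # and trait 19 is in practice "contains 'bogel'". If the intent is "the
  # sample never mentions WSO", the gate should instead be
  #   ! grep -a -q -e '[Ww][Ss][Oo]' -- "$sample"
  # Behavior is kept unchanged here until that intent is confirmed.
  if grep -a -q -v -e '[Ww][Ss][Oo]' -- "$sample" \
    && _has_literal "$sample" 'bogel'; then
    row+=',19'
  fi
  # Trait 20 (disabled) used to wrap trait 21:
  # if egrep -a -q '(public|var) \$type' $NAME
  # then
  # echo -n ',20'
  # Basic regex on purpose: \$ is a literal dollar sign.
  if grep -a -q -e 'var \$type' -- "$sample"; then
    row+=',21'
  fi
  # fi
  if _has_literal "$sample" 'function hardLogin'; then
    row+=',22'
  fi

  printf '%s\n' "$row"
}

for NAME in "${FNAMES[@]}"; do
  print_traits "$NAME"
done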