GEEK Notes

Secure server

  1. Disable Root Login — /etc/ssh/sshd_config
  2. Change Port to (19132)  — /etc/ssh/sshd_config
tar cvzf MyImages-14-09-12.tar.gz /home/MyImages
tar -zxvf data.tar.gz

>>>>grep 'eval(base64_decode("DQplcnJvcl' ./ -Rl > HACKS

Now, using that HACKS file in a loop, we create a backup copy of each injected script with the suffix -HACKED, in case stripping out the injection accidentally grabs any good code:

>>>>for hackFile in `cat HACKS`; do cp -frp "$hackFile" "$hackFile-HACKED"; done

>>>>for hackFile in `cat HACKS`; do sed -i 's#<?php.*eval(base64_decode("DQplcnJvcl.*));#<?php#' "$hackFile"; done

This sed command uses the -i flag for an in-place replacement. The 's# part tells it we're doing a string replace, with the # symbol being the delimiter of our strings.

The next part is the string we want to replace. It begins with <?php, then uses .* to match any characters at all, followed by eval(base64_decode("DQplcnJvcl, which is the part of the injection we copied earlier. It ends with another .* to grab all of the rest of the text until the last part of the string, ));, is encountered.

After the second # we put the string that replaces the first one, in this case just <?php, and we finish the sed command with another #'. Then we put $hackFile after the full sed command, since that is the file name of the current file in our loop.
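
The search, backup and strip steps above as one script, written as an added example that is not part of the original notes. It assumes GNU grep and sed; the function names and the sample tree are constructed, and the sample line shows the greedy .* also removing legitimate code that follows the injection on the same line, which is what the -HACKED copy is for.

```sh
#!/bin/sh
# Added example, not from the original notes. Assumes GNU grep and GNU sed.
# MARKER is the injection prefix quoted in the notes; the sample files are constructed.
MARKER='eval(base64_decode("DQplcnJvcl'

# Print every file under $1 that contains the marker. -F matches it as a fixed
# string; --exclude keeps earlier -HACKED backups out of the result.
find_injected() {
    grep -RlF --exclude='*-HACKED' -- "$MARKER" "$1"
}

# Back up each hit as <file>-HACKED, strip the injected call, print the file name.
# A file is left untouched if its backup could not be written.
# Reading line by line copes with spaces in names (not with embedded newlines).
clean_tree() {
    find_injected "$1" | while IFS= read -r f; do
        cp -p -- "$f" "$f-HACKED" || continue
        sed -i 's#<?php.*eval(base64_decode("DQplcnJvcl.*));#<?php#' "$f"
        printf '%s\n' "$f"
    done
}

# Constructed tree: one injected file (inert sample payload, legitimate code on
# the same line, space in the path) and one clean file.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp content"
    printf '%s\n' \
        '<?php eval(base64_decode("DQplcnJvcl9TQU1QTEU=")); echo trim(strtolower("HOME"));' \
        'echo "footer";' > "$d/wp content/index.php"
    printf '%s\n' '<?php' 'echo "clean";' > "$d/clean.php"
    printf '%s\n' "$d"
}

demo() {
    tree=$(make_demo_tree) || return 1
    echo "cleaned:";        clean_tree "$tree"
    echo "still injected:"; find_injected "$tree" || echo "(none)"
    # The diff shows the legitimate echo on line 1 was removed with the injection.
    echo "diff against backup:"
    diff "$tree/wp content/index.php-HACKED" "$tree/wp content/index.php" || true
    rm -rf "$tree"
}
demo
```

Review the diff for every cleaned file before deleting its -HACKED copy.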



define('DB_NAME', 'ssi_taste');

/** MySQL database username */
define('DB_USER', 'ssi_taste');

/** MySQL database password */
define('DB_PASSWORD', 'T@asteORt0rch!!!
