Last active
July 1, 2023 09:36
-
-
Save speeddragon/889a454d5a44b60c746c to your computer and use it in GitHub Desktop.
Wordpress Backdoor Search with Ansible
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - hosts: www_servers | |
| user: ubuntu | |
| sudo: yes | |
| vars: | |
| folder: /usr/share/nginx/html | |
| backdoor_keywords: | |
| - "FilesMan" # OK | |
| - "<?php \\${" # OK | |
| - 'mail(stripslashes(' # OK | |
| - "<?php \\$array = array(" # OK | |
| - "<?php @array_diff_ukey(" # OK | |
| - "\\$_REQUEST\\[chr(" | |
| - "; \\$GLOBALS" # OK | |
| - '\"base64_decode\";return' # OK | |
| - "<?php \\$GLOBALS" | |
| - "eval(\\${" # OK | |
| - "isset(\\${" # OK | |
| - "PhpReverseProxy" # OK | |
| - "str_rot13(" # OK | |
| - "@assert(" # OK | |
| - "made-in-china.com" # OK | |
| - "@eval($" # OK | |
| - "trim(curl_exec(\\$ch))" # OK | |
| - "eval(stripslashes(\\$" # OK | |
| tasks: | |
| - name: # | |
| shell: grep -rnw {{folder}} -e "{{item}}" | cut -d":" -f1 | |
| register: backdoor_files | |
| with_items: backdoor_keywords | |
| - debug: msg="{{item.stdout.split('\n')}}" | |
| with_items: backdoor_files.results | |
| when: item.stdout |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, How can I add an email notification code in my theme or plugin... If I have a theme or plugin for everyone. I want to add some code to make a backdoor with email notification. If anybody installs my theme on her website I will get an email notification with her website name/URL. If you have those code kindly help me... I need to learn it also, Thank you