Coffee-scented *NIX
Coffeenix
A place for systems, networking and security

Author: sCag (guest)
Posted: Thu 2011.7.14, 11:42 am
Subject: Python code for handling uploaded files. (For deleting webshells)

These days web programmers keep forgetting to check file extensions in their upload modules, so countless webshells get uploaded on web hosting and similar services; I made this to delete any php or cgi files that get uploaded.
Originally it opened each file as it was uploaded and deleted it if it saw obfuscation code, injection code, or php code, but I took all of that out and am posting a rough version.
Add a little code to fork it, or just run it inside screen; the rest of the changes and that sort of thing are up to you =3=3
You do know, of course, that you need to check that your kernel supports inotify?
---
Code:

#!/usr/bin/env python
# by sCag
import os, glob
import pyinotify

# Directory tree to monitor (upload directory of the web application).
gDirPath = "/path/to/monitoring/directory"
hWatch = pyinotify.WatchManager()
gMask = pyinotify.IN_MODIFY | pyinotify.IN_CREATE | pyinotify.IN_CLOSE_WRITE


class cDetect(pyinotify.ProcessEvent):
    def process_IN_CREATE(self, event):
        org_file_name = os.path.join(event.path, event.name)
        # Match on the file name only, case-insensitively, so ".PHP" is
        # caught and a ".php" in the directory path does not trigger deletion.
        file_name = event.name.lower()
        try:
            if file_name.find(".php") != -1 or file_name.find(".cgi") != -1:
                os.remove(org_file_name)
                print("Deleted: %s" % org_file_name)
        except OSError:
            # File already gone or not removable; keep watching.
            pass

    def process_IN_MODIFY(self, event):
        pass

    def process_IN_CLOSE_WRITE(self, event):
        pass


hNotifier = pyinotify.Notifier(hWatch, cDetect())
# rec=True also watches the subdirectories that exist at start-up.
hWatch.add_watch(gDirPath, gMask, rec=True)
# Also watch every directory matched when gDirPath is a glob pattern.
for mDirList in glob.glob(gDirPath):
    if os.path.isdir(mDirList):
        hWatch.add_watch(mDirList, gMask, rec=True)

while True:
    try:
        hNotifier.process_events()
        if hNotifier.check_events():
            hNotifier.read_events()
    except KeyboardInterrupt:
        hNotifier.stop()
        break
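
The content check the post says was taken out, sketched here as an added example (not sCag's original code): it inspects a finished upload for the two blocked extensions, a script interpreter line or a PHP open tag, and moves a match into a quarantine directory instead of deleting it. The function names, the `<?php` marker and the quarantine layout are assumptions.

```python
import os
import re
import shutil
import tempfile

BLOCKED_EXT = (".php", ".cgi")           # the two extensions the post checks
PHP_TAG = re.compile(rb"<\?php", re.I)   # assumed content marker, not from the post
CHUNK = 64 * 1024


def has_php_tag(path):
    """Scan the whole file in chunks, keeping a 4-byte overlap so a tag
    split across two reads is still found."""
    tail = b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            if PHP_TAG.search(tail + chunk):
                return True
            tail = chunk[-4:]
    return False


def classify(path):
    """Return why a file is blocked: 'extension', 'shebang', 'php-tag', or None."""
    name = os.path.basename(path).lower()
    if any(ext in name for ext in BLOCKED_EXT):   # same substring test as the post
        return "extension"
    with open(path, "rb") as fh:
        if fh.read(2) == b"#!":                   # script interpreter line
            return "shebang"
    return "php-tag" if has_php_tag(path) else None


def handle_upload(path, quarantine_dir):
    """Move a blocked file out of the upload tree; return (reason, final_path)."""
    reason = classify(path)
    if reason is None:
        return None, path
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    fd, dest = tempfile.mkstemp(prefix="upload-", dir=quarantine_dir)
    os.close(fd)
    shutil.move(path, dest)   # replaces the placeholder created above
    os.chmod(dest, 0o600)     # owner-only, not executable
    return reason, dest
```

In the posted script, `handle_upload` would be called from `process_IN_CLOSE_WRITE` (left empty there) with `os.path.join(event.path, event.name)`, so the file is inspected once the upload has been fully written. Keeping the file in quarantine preserves it for later review, which deleting it does not.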