Vladimír Smitka (lynt-smitka)

View vulnerability scanner log
64.78.149.164 - - [13/Jul/2022:08:00:04 +0000] "GET /.well-known/acme-challenge/gd22ntR9D4t5fTtZGFIvnGXZ_ufFAgwOxBmelQ1Sq40 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-"
172.105.5.120 - - [13/Jul/2022:08:01:21 +0000] "GET / HTTP/1.1" 302 145 "-" "-" "-"
172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /server-status HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-"
172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /telescope/requests HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-"
172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-"
172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /s/3133382e36382e39362e3830/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-"
172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /info.php HTTP/1.1" 200 96474 "-" "Go-http-client/1.1" "-"
172.105.5.120 - - [13/Jul/2022:08:
lynt-smitka / .htaccess
Created Jul 11, 2022
.htaccess for the "/wp-admin" directory that restricts access to a single IP address
View .htaccess
# Place this in wp-admin/.htaccess: only the listed IP may reach the admin area
<RequireAny>
    Require ip your.ip.address.here
</RequireAny>
# admin-ajax.php and admin-post.php are used by front-end features, so they stay public
<Files admin-ajax.php>
    Require all granted
</Files>
<Files admin-post.php>
    Require all granted
lynt-smitka / setup-config.php
Last active Jul 4, 2022
Modified WP setup-config.php with install-key protection. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
View setup-config.php
<?php
/**
* Retrieves and creates the wp-config.php file.
*
* The permissions for the base directory must allow for writing files in order
* for the wp-config.php to be created using this page.
*
* @package WordPress
* @subpackage Administration
*/
lynt-smitka / lynt-installer-security.php
Last active Jul 11, 2022
This MU plugin blocks attempts to install WP to remote databases. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
View lynt-installer-security.php
<?php
/**
* Plugin Name: Lynt WP Installer Security PoC1
* Author: Vladimir Smitka
* Author URI: https://lynt.cz/
* License: GNU General Public License v3 or later
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/
if ( defined( 'WP_SETUP_CONFIG' ) && !empty( $_POST['dbhost'] ) ) {
View backdoor-example.php
<?php
/**
* @package ZeroSpam
* @version 6.0.0
*/
/*
Plugin Name: Zero Spam for WordPress
Plugin URI: https://www.highfivery.com/projects/zero-spam/
Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam &amp; malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong>
View malicious_requests.log
95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Go-http-client/1.1"
95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"
95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"
95.211.187.223 - [01/Jul/2022:13:45:59 +0000] "POST /wp-admin/setup-config.php?step=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"
95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "POST /wp-login.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36"
95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "GET /wp-admin/i
View lynt-install-block-mu.php
<?php
/**
* Plugin Name: Lynt Install Blocker
* Author: Vladimir Smitka
* Author URI: https://lynt.cz/
* License: GNU General Public License v3 or later
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/
if ( defined( 'WP_INSTALLING' ) && WP_INSTALLING && !is_blog_installed() ) {
View plugin.php
<?php
/*
Plugin Name: Example of inserting a script on the thank-you page
*/
function lynt_ukazkova_akce( $order_id ) {
?>
<script>
console.log("thank you!");
</script>
lynt-smitka / putenv.php
Created Apr 17, 2022
Fallback definition of putenv() for hosts where the function has been disabled
View putenv.php
<?php
// putenv() cannot be redefined while it exists; function_exists() only returns
// false when the host has removed it via disable_functions. In that case this
// stub lets code that calls putenv() run instead of failing with a fatal error.
if (!function_exists('putenv')) {
    function putenv($string) {
        // Report failure without touching the environment.
        return false;
    }
}
View lynt-managed.php
<?php
/**
* Plugin Name: Managed plugins
* Description: Managed plugins detection
* Author: Vladimir Smitka
* Author URI: https://lynt.cz/
* License: GNU General Public License v3 or later
* License URI: http://www.gnu.org/licenses/gpl-3.0.html
*/