Vladimír Smitka lynt-smitka
lynt-smitka
/ lynt-installer-security.php
Last active
September 1, 2022 20:17
This MU plugin blocks attempts to install WP to remote databases. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Lynt WP Installer Security PoC1 | |
| * Author: Vladimir Smitka | |
| * Author URI: https://lynt.cz/ | |
| * License: GNU General Public License v3 or later | |
| * License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
| */ | |
| if ( defined( 'WP_SETUP_CONFIG' ) && !empty( $_POST['dbhost'] ) ) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <body> | |
| <script> | |
| var serverport = '<?php echo intval($_SERVER['SERVER_PORT']);?>'; | |
| var browserport = window.location.port || (window.location.protocol === 'https:' ? '443' : '80'); | |
| var color = (serverport === browserport ? 'green' : 'red'); | |
| var text = "<pre style='color:#color'>Server port: "+serverport+"<br>Browser port: "+browserport+"</pre>"; | |
| document.write(text.replace("#color",color)); | |
| </script> | |
| <pre> |
lynt-smitka
/ vulnerability scanner log
Created
July 13, 2022 09:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 64.78.149.164 - - [13/Jul/2022:08:00:04 +0000] "GET /.well-known/acme-challenge/gd22ntR9D4t5fTtZGFIvnGXZ_ufFAgwOxBmelQ1Sq40 HTTP/1.1" 200 87 "-" "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:21 +0000] "GET / HTTP/1.1" 302 145 "-" "-" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /server-status HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /telescope/requests HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /s/3133382e36382e39362e3830/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 302 145 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08:01:24 +0000] "GET /info.php HTTP/1.1" 200 96474 "-" "Go-http-client/1.1" "-" | |
| 172.105.5.120 - - [13/Jul/2022:08: |
lynt-smitka
/ setup-config.php
Last active
July 4, 2022 12:23
Modified WP setup-config.php with install-key protection. https://smitka.me/2022/07/01/wordpress-installer-attack-race/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Retrieves and creates the wp-config.php file. | |
| * | |
| * The permissions for the base directory must allow for writing files in order | |
| * for the wp-config.php to be created using this page. | |
| * | |
| * @package WordPress | |
| * @subpackage Administration | |
| */ |
lynt-smitka
/ backdoor-example.php
Created
July 2, 2022 12:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @package ZeroSpam | |
| * @version 6.0.0 | |
| */ | |
| /* | |
| Plugin Name: Zero Spam for WordPress | |
| Plugin URI: https://www.highfivery.com/projects/zero-spam/ | |
| Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam & malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong> |
lynt-smitka
/ malicious_requests.log
Created
July 1, 2022 17:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Go-http-client/1.1" | |
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /index.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:45:58 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:45:59 +0000] "POST /wp-admin/setup-config.php?step=2 HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "POST /wp-login.php HTTP/1.1" 302 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36" | |
| 95.211.187.223 - [01/Jul/2022:13:46:00 +0000] "GET /wp-admin/i |
lynt-smitka
/ plugin.php
Created
April 27, 2022 07:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| Plugin Name: Ukazka vlozeni skriptu na thankyou page | |
| */ | |
| function lynt_ukazkova_akce( $order_id ) { | |
| ?> | |
| <script> | |
| console.log("thank you!"); | |
| </script> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if (!function_exists('putenv')) { | |
| function putenv($string){ | |
| return false; | |
| } | |
| } |
lynt-smitka
/ lynt-managed.php
Created
March 30, 2022 14:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Managed plugins | |
| * Description: Managed plugins detection | |
| * Author: Vladimir Smitka | |
| * Author URI: https://lynt.cz/ | |
| * License: GNU General Public License v3 or later | |
| * License URI: http://www.gnu.org/licenses/gpl-3.0.html | |
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 7zip coreutils dig gawk git github greenshot grep gzip heidisql irfanview jq mpc-hc-fork netcat nmap pspad sed sumatrapdf totalcommander touch vim vscode wget winbox windows-terminal winmerge winscp xmlstarlet |