97 lines
1.2 KiB
Plaintext
97 lines
1.2 KiB
Plaintext
# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
|
|
# grep -Rn "shell *(" /var/www
|
|
passthru
|
|
shell_exec
|
|
system
|
|
phpinfo
|
|
base64_decode
|
|
chmod
|
|
mkdir
|
|
fopen
|
|
fclose
|
|
readfile
|
|
php_uname
|
|
eval
|
|
edoced_46esab
|
|
popen
|
|
include
|
|
create_function
|
|
mysql_execute
|
|
php_uname
|
|
proc_open
|
|
pcntl_exec
|
|
``
|
|
include_once
|
|
require
|
|
require_once
|
|
posix_mkfifo
|
|
posix_getlogin
|
|
posix_ttyname
|
|
getenv
|
|
get_current_user
|
|
proc_get_status
|
|
get_cfg_var
|
|
disk_free_space
|
|
disk_total_space
|
|
diskfreespace
|
|
getcwd
|
|
getlastmo
|
|
getmygid
|
|
getmyinode
|
|
getmypid
|
|
getmyuid
|
|
assert
|
|
extract
|
|
parse_str
|
|
putenv
|
|
ini_set
|
|
pfsockopen
|
|
fsockopen
|
|
apache_child_terminate
|
|
posix_kill
|
|
posix_setpgid
|
|
posix_setsid
|
|
posix_setuid
|
|
tmpfile
|
|
bzopen
|
|
gzopen
|
|
chgrp
|
|
chown
|
|
copy
|
|
file_put_contents
|
|
lchgrp
|
|
lchown
|
|
link
|
|
mkdir
|
|
move_uploaded_file
|
|
symlink
|
|
tempnam
|
|
imagecreatefromgif
|
|
imagecreatefromjpeg
|
|
imagecreatefrompng
|
|
imagecreatefromwbmp
|
|
imagecreatefromxbm
|
|
imagecreatefromxpm
|
|
ftp_put
|
|
ftp_nb_put
|
|
exif_read_data
|
|
read_exif_data
|
|
exif_thumbnail
|
|
exif_imagetype
|
|
hash_file
|
|
hash_hmac_file
|
|
hash_update_file
|
|
md5_file
|
|
sha1_file
|
|
highlight_file
|
|
show_source
|
|
php_strip_whitespace
|
|
get_meta_tags
|
|
str_repeat
|
|
unserialize
|
|
register_tick_function
|
|
register_shutdown_function
|
|
getuid
|
|
uname
|
|
gethostname
|