More

Thursday, May 8, 2008

Код хонепота

Code:
////////////////////////////////////////////////////////
//Begin Custom Honeypot Section
//GHH Honeypot by Ryan McGeehan for GHDB Signature #365 (intitle:”PHP Shell *” “Enable stderr” filetype”"hp)
////////////////////////////////////////////////////////
$HoneypotName = “PHPSHELL”;

//Trick PHP Shell page
echo "\n\nPHP Shell 1.7\n\n\n

PHP Shell 1.7

\n\n\n
\n

Current working directory: \nRoot/

\n\n

Choose new working directory:\n\n
\n
\n
\n
\n\n

\n\n

Command: \n

\n\n

Enable stderr-trapping?

\n\n
\n\n\n\n
\nCopyright © 2000–2002, Martin Geisler. Get the latest\nversion at www.gimpster.com.\n\n\n";

//Find our PHP shell target in the referer site
if (strstr($Attack[’referer’], “Shell”)){
$Signature[] = “Target in URL”;
}

//Finds if exact GHDB signature was used
if (strstr ($Attack[’referer’], ” intitle%3A%22PHP+Shell+*%22+%22Enable+stderr%22+fi
letype%3Aphp”)){
$Signature[] = “GHDB Signature!”;
}

////////////////////////////////////////////////////////
//End Custom Honeypot Section
////////////////////////////////////////////////////////

No comments: