Emposha » Web Security

PHP Shell Detector – web shell detection tool

emposha — Thu, 07 Jul 2011 12:37:14 +0000

PHP Shell Detector is a php script that helps you find and identify php shells. It also has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, php shell detector has a light weight and friendly interface . The main features is that if you’re not sure about a suspicious file, you may send it to the websecure.co.il team. After submitting your file, it will be inspected and if there are any threats, it will be inserted into a “php shell detector” web shells signature database and the next time this file will be recognized positively.

Screenshots:

: Modal popup with suspicious functions use

: Positive shell recognition ( suspicious functions list with ability to check what kind of function used)

: in case that shell not recognized you can always send it to websecure.co.il and they will inspect the file

: Report with total suspicious and shells files that was found

Settings:

extension – extensions that should be scanned
showlinenumbers – show line number where suspicious function used
dateformat – used with access time & modified time
langauge – if I want to use other language
directory – scan specific directory
task – perform different task
report_format – used with is_cron(true) file format for report file
is_cron – if true run like a cron(no output)
filelimit – maximum files to scan (more then 30000 you should scan specific directory)
useget – activate _GET variable for easy way to recive tasks
authentication – protect script with user & password in case to disable simply set to NULL
remotefingerprint – get shells signatures db by remote

Number of shells in signature database is: 141

Demo: http://www.emposha.com/demo/shelldetect/

Download: https://github.com/emposha/PHP-Shell-Detector

A New Type of Phishing Attack

emposha — Tue, 25 May 2010 06:38:33 +0000

The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.

Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site. more>>

IPhone SMS Attack Unleashed

emposha — Thu, 30 Jul 2009 23:20:01 +0000

The bug was discovered by noted iPhone hacker Charlie Miller, who first talked about the issue at the SyScan conference in Singapore. At the time, he said he’d discovered a way to crash the iPhone via SMS, and that he thought that the crash could ultimately lead to working attack code.

But still the experts say that “iPhone Security: Latest Hack Not So Scary. So time will show

Mozilla Firefox 3.5 Memory Corruption Vulnerability

emposha — Tue, 14 Jul 2009 19:35:41 +0000

SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Source: http://secunia.com/advisories/35798/

Beware of two critical vulnerabilities in Firefox 3

emposha — Sat, 28 Mar 2009 21:20:41 +0000

The exploit was released Wednesday online. It attacks a vulnerability present on Windows, Mac and Linux versions of the browser and could be used to surreptitiously execute malware on the machines of users who browse booby-trapped websites.