تويت
حاجة على السريع كدا عشان الإمتحانات :gotcha:
ب replace!
بعض اهم الحاجات فى تأمين ال php مثل
Disable dangerous functions
Turn on the Safe mode
Turn off Register Globals
كل اللى عليك
python filename.py
الكود يتعمل فى 3 سطور فى shell script ولكن مش دا الهدف .. الهدف هو إزاى استخدم ال Python بطريقة interactive وخصوصا إنها تشتغل على كل الأنظمة
مثال مصغر للكود :
الكود الثانى يعمل 100% فى حالة إنك عايز تطبق ال 3 تعديلات .
gr8s to st0rm
ب replace!
كود:
#!bin/python
###################################
# Programmer : StrikerX .
# Purpose : Secure php.ini .
###################################
from sys import *
path = raw_input("Enter the Path of php.ini file : ")
def disableFunctions():
print '''\n
PHP has a lot of potential to mess up your server and hack user accounts and even get root. I've seen many times where users use an insecure PHP script as an entry point to a server to start unleashing dangerous commands and taking control.
\n'''
f = open(path, "r")
array = []
array += f.readlines();
f.close()
text = ""
for line in array:
text += line
text = text.replace("disable_functions =", "disable_functions = dl,system,exec,passthru,shell_exec")
f = open(path, "w")
f.write(text)
f.close()
print "Dangerous functions are disabled"
def safeMode():
print '''The PHP safe mode is an attempt to solve the shared-server security problem\n'''
f = open(path, "r")
array = []
array += f.readlines();
f.close()
text = ""
for line in array:
text += line
text = text.replace("safe_mode = Off", "safe_mode = On")
f = open(path, "w")
f.write(text)
f.close()
print "Safe Mode is On ."
def regGlobals():
print '''\nRegister_globals will inject your scripts with all sorts of variables \n'''''
f = open(path, "r")
array = []
array += f.readlines();
f.close()
text = ""
for line in array:
text += line
text = text.replace("register_globals = On", "register_globals = Off")
f = open(path, "w")
f.write(text)
f.close()
print "Register Globals are turned off ."
def about():
print("\nWritten by StrikerX \n")
def options():
print "\n----------------------------------------\n"
print "\n1- Disable dangerous functions ."
print "\n2- Turn on the Safe mode ."
print "\n3- Turn off Register Globals ."
print "\n4- About ."
print "\n5-Quit"
print "\n----------------------------------------\n"
options()
option = int(raw_input("Enter your choice [5 to quit] : "))
while (option != 5):
options()
if option == 1 :
disableFunctions()
break
elif option == 2 :
safeMode()
break
elif option == 3 :
regGlobals()
break
elif option == 4 :
about()
break
else :
print "\n Unknown !"
Disable dangerous functions
Turn on the Safe mode
Turn off Register Globals
كل اللى عليك
python filename.py
الكود يتعمل فى 3 سطور فى shell script ولكن مش دا الهدف .. الهدف هو إزاى استخدم ال Python بطريقة interactive وخصوصا إنها تشتغل على كل الأنظمة
مثال مصغر للكود :
كود:
#!bin/python
###################################
# Programmer : StrikerX .
# Purpose : Secure php.ini .
###################################
from sys import *
path = raw_input("Enter the Path of php.ini file : ")
ver = 1.0
f = open(path, "r")
array = []
array += f.readlines();
f.close()
text = ""
for line in array:
text += line
f = open(path, 'w')
text = text.replace("disable_functions =", "disable_functions = dl,system,exec,passthru,shell_exec")
text = text.replace("safe_mode = Off", "safe_mode = On")
text = text.replace("register_globals = On", "register_globals = Off")
f.write(text)
f.close()
print "\n----------------------------\n"
print "Dangerous functions are disabled ."
print "Safe Mode is On ."
print "Register Globals are turned off ."
print "Securing php.ini is compelete ."
gr8s to st0rm
StrikerX:thumpsup_green:
تعليق