Cleanup!

Recently I have been experiencing a few important breakthrough moments in my life, which led me to look at things from a different perspective, and so many things that used to fit in my previous belief system are now wrong.

So I have decided to remove some of the older posts on my blog whose contents I no longer agree with.

With the hope that no one is ever in need of reading that old material, I would like to wish you all a great weekend.

Removing WordPress malware infecting JS files

A recent piece of WordPress malware targets WordPress websites by injecting malicious code into every single JavaScript file (mostly libraries, especially jQuery). The injected code redirects visitors to advertising affiliate sites.

Example injected code:

I came to know about this when a client approached me to clean his hacked website. After looking for this pattern in the files in his WordPress directory, I found that over 600 JavaScript files had been injected with the code above.

I got the above result by doing a grep in the public_html folder. The following command was used to do a recursive grep looking for the matching malicious variable name:

Looking at the above command's result, I found that a file named db.php had been uploaded to one of the plugin folders; a simple GET request to that PHP file would cause the mass injection into all JavaScript files.

Now let's get rid of the bad stuff in all files by using sed in combination with the grep command, as below:

This will remove the pattern from every single file that contains it.
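The find-and-strip procedure described above, as an added example that is not the original post's commands. The marker name and snippet pattern are constructed placeholders, and the backup copy and sample tree go beyond what the post describes.

```sh
#!/bin/sh
# Added example. MARKER and SNIPPET_RE are constructed placeholders, not the
# real malware strings: substitute what you find in your own infected files.
MARKER='example_injected_marker'
SNIPPET_RE='var example_injected_marker=[^;]*;'

# Print every .js file under $1 that contains the marker (fixed-string match).
list_infected() {
    grep -rlF --include='*.js' -- "$MARKER" "$1" 2>/dev/null || true
}

# Copy each infected file to backup dir $2 (keep it outside the web root),
# strip the snippet in place, and print how many files were changed.
clean_infected() {
    ci_list=$(mktemp)
    list_infected "$1" > "$ci_list"
    ci_count=0
    while IFS= read -r ci_file; do
        mkdir -p "$2/$(dirname "$ci_file")"
        cp -p "$ci_file" "$2/$ci_file"
        # -i.tmp is accepted by both GNU and BSD sed
        sed -i.tmp -e "s/${SNIPPET_RE}//g" "$ci_file" && rm -f "$ci_file.tmp"
        ci_count=$((ci_count + 1))
    done < "$ci_list"
    rm -f "$ci_list"
    echo "$ci_count"
}

# Build a small constructed site tree for trying the functions out.
make_sample() {
    ms_dir=$(mktemp -d)
    mkdir -p "$ms_dir/site/js"
    printf 'function a(){return 1}var example_injected_marker="x";\n' > "$ms_dir/site/js/lib.js"
    printf 'var example_injected_marker=1;\nfunction b(){}\n' > "$ms_dir/site/js/app.js"
    printf 'function c(){}\n' > "$ms_dir/site/js/clean.js"
    echo "$ms_dir"
}

# Command-line use: sh clean.sh /path/to/public_html /path/to/backup
if [ "$#" -eq 2 ]; then
    clean_infected "$1" "$2"
    echo "still infected:"; list_infected "$1"
fi
```

Stripping the snippet does not remove the uploaded db.php file the post describes; as long as that file stays in the plugins folder, a request to it can inject the files again.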

 

Run PHP code on the fly using phpExec

phpExec is a small tool I made to execute PHP snippets on the fly. Basically, it is like jsfiddle for PHP, which you host yourself.

phpExec is a simple script written in PHP which provides an in-browser editor to write and run PHP code. The only requirement is having the PHP binaries on your machine. You can either use the built-in PHP server functionality shipped with phpExec or place the copy in your web server folder and access it locally.

With phpExec you do not have any limitation on which functions you can use, so you can even kill your machine with your code if you wish to.

Getting phpExec up and running:

To get started with phpExec, simply download the repository from GitHub and run composer install within the folder to download the required dependencies.

Once you have the folder downloaded, you can place it on your local web server and go to the phpExec editor without any additional configuration.

While that would be the fastest way to get phpExec up and running, you could also use the phpexec command-line utility to run the app on the PHP built-in server.

Running phpexec on the built-in web server lets you modify the php.ini variables easily by editing the file shipped in the root folder of the project.

To start, try running:

To run phpexec on the built-in server, simply use the command:

This will run phpExec on localhost:8000 by default. As an additional argument, you can pass a host and port number to the serve command.

You can also use includes in phpExec. Running the phpexec make:include command will create a folder and a file within the root directory, named includes/ and includes.php.

Once this is done, you can add any custom class or PHP files to the includes folder and reference them in includes.php.

Also remember that Symfony var_dumper is already loaded with the page. You can use the dump function anytime within your snippets.

phpexec official page | phpexec github page

 

 

Search and replace IP addresses in CloudFlare


So I had to search through more than 700 DNS records in our CloudFlare account and update the IP addresses to the new servers. Out of this task I came up with this tiny application I made in PHP that allows you to search all your CloudFlare accounts for a specific IP address and then replace it with the new IP address.

It uses the CloudFlare API. It also uses background processes, since the process may take a long time.

You can download this tiny app from my GitHub. You need to have PHP installed and a web server to serve the files. Of course, you can just use it with the PHP built-in web server.

To get started, open the includes.php file, enter your CloudFlare API and email credentials, and then launch the app.

When you click the replace button, the application will only look up your CloudFlare records, find the changes and show them to you as a dry run; once you confirm the changes, it will make them in the background.

Hope it helps some of you peeps out there.

 

Cortana is missing after Windows 10 Anniversary Update

Other than bash, one of the most exciting things for me in the Anniversary Update of Windows 10 was the Android Notification Sync feature, so before my update had even completed I already had Cortana installed on my Moto X Pure Edition.

But oddly, after the update Cortana was gone, with no option to enable it. Searching for it online showed that Microsoft is aware of this issue and is working on an update to fix it. But there was a quick fix posted in the Microsoft Forums which I'm gonna show you today, and yup, it's the registry again!

  1. Open Registry Editor; type regedit in the search box to get there.
  2. Navigate to “HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search”.
  3. Find the key BingSearchEnabled, double-click on it and change its value to 1.
  4. Find the key CortanaEnabled, double-click on it and change its value to 1 as well.

That's it. Click on Cortana and you should be able to see her greeting again: “Hi! How can I help?”