Skip to content

Commit 853ad0c

Browse files
author
Corb3nik
committed
Updates readme
1 parent 35f27e0 commit 853ad0c

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

README.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
# PHP OPcache Override
22

3-
This project contains the demo website and the tools presented in the following blog post :
3+
This project contains the demo website and the tools presented in the following blog post :
44
http://blog.gosecure.ca/2016/04/27/binary-webshell-through-opcache-in-php-7
55

66
## 010 Editor Template
77

8-
This template parses OPcache files generated by a 32bit platform.
8+
This template parses OPcache files generated by a 32bit platform.
99

1010
- Download [010 editor](http://www.sweetscape.com/010editor/)
1111
- `Templates` -> `Open Template...` Select OPCACHE_x86.bt
@@ -14,7 +14,7 @@ This template parses OPcache files generated by a 32bit platform.
1414

1515
## Python System ID Scraper
1616

17-
This tool lets you extract the `system_id` of a `phpinfo()` page.
17+
This tool lets you extract the `system_id` of a `phpinfo()` page.
1818
Simply pass a filename or a URL.
1919

2020
$ ./system_id_scraper.py info.html
@@ -32,26 +32,26 @@ You can display it as a syntax tree (-t) or pseudocode (-c).
3232
Simply pass a display option and an OPcache file.
3333

3434
$ ./opcache_disassembler.py -c malware.php.bin
35-
35+
3636
#0 $280 = FETCH_IS('_GET', None);
3737
#1 ~0 = ISSET_ISEMPTY_DIM_OBJ($280, 'test');
3838
#2 JMPZ(~408, ->5);
3939
#3 ECHO('success', None);
4040
...
4141

4242

43-
## OPcache Malware Detect
43+
## OPcache Malware Hunter
4444
This tool helps detect malware hidden in OPcache files by searching specific keywords in the file's opcodes.
4545

46-
Pass an OPcache file or directory and the detector will recursively go through all the `.php.bin` files.
46+
Pass an OPcache file or directory and the hunter will recursively go through all the `.php.bin` files.
4747

48-
$ ./opcache_malware_detect.py malware.php.bin
48+
$ ./opcache_malware_hunt.py malware.php.bin
4949
Checking malware.php.bin
50-
Found potentially dangerous keyword 'preg_replace'.
51-
Found potentially dangerous keyword 'str_rot13'.
50+
Found potentially dangerous keyword 'preg_replace'.
51+
Found potentially dangerous keyword 'str_rot13'.
5252

5353
## Demo
54-
To setup the demo, run the following two commands :
54+
To setup the demo, run the following two commands :
5555

5656
sudo ./setup.sh
5757
php -S 127.0.0.1:8080 -c php.ini

0 commit comments

Comments
 (0)