From 061ccbde9fde9d14ca74e215d568b6dc6cc0dc67 Mon Sep 17 00:00:00 2001
From: JT <shipcodez@gmail.com>
Date: Mon, 26 Jan 2015 20:45:53 +0800
Subject: [PATCH] Create malicious.txt

Adding strings for finding backdoor shells, rootkits, botnets, and exploitable functions
---
 GrepStrings/malicious.txt | 94 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 GrepStrings/malicious.txt

diff --git a/GrepStrings/malicious.txt b/GrepStrings/malicious.txt
new file mode 100644
index 00000000..f5e258ff
--- /dev/null
+++ b/GrepStrings/malicious.txt
@@ -0,0 +1,94 @@
+# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
+# grep -Rn "shell *(" /var/www
+
+passthru
+shell_exec
+system
+phpinfo
+base64_decode
+chmod
+mkdir
+fopen
+fclose
+readfile
+php_uname
+eval
+edoced_46esab
+popen
+include
+create_function
+mysql_execute
+php_uname
+proc_open
+pcntl_exec
+``
+include_once
+require
+require_once
+posix_mkfifo
+posix_getlogin
+posix_ttyname
+getenv
+get_current_user
+proc_get_status
+get_cfg_var
+disk_free_space
+disk_total_space
+diskfreespace
+getcwd
+getlastmo
+getmygid
+getmyinode
+getmypid
+getmyuid
+assert
+extract
+parse_str
+putenv
+ini_set
+pfsockopen
+fsockopen
+apache_child_terminate
+posix_kill
+posix_setpgid
+posix_setsid
+posix_setuid
+tmpfile
+bzopen
+gzopen
+chgrp
+chown
+copy
+file_put_contents
+lchgrp
+lchown
+link
+mkdir
+move_uploaded_file
+symlink
+tempnam
+imagecreatefromgif
+imagecreatefromjpeg
+imagecreatefrompng
+imagecreatefromwbmp
+imagecreatefromxbm
+imagecreatefromxpm
+ftp_put
+ftp_nb_put
+exif_read_data
+read_exif_data
+exif_thumbnail
+exif_imagetype
+hash_file
+hash_hmac_file
+hash_update_file
+md5_file
+sha1_file
+highlight_file
+show_source
+php_strip_whitespace
+get_meta_tags
+str_repeat
+unserialize
+register_tick_function
+register_shutdown_function