
Callback/Null Script checker

Discussion in 'Black Hat SEO Tools' started by Gamboloyd, Nov 29, 2011.

  1. Gamboloyd

    Hi folks. Is there any way to check online if a plugin has callbacks in it? I'm sure I read it in a thread here ages ago but for the love of all things shiny I can't find it. Any ideas?
     
  2. JohnsonDaniel

    TAC (theme authenticity checker) will do a check of your theme (you'll find it via the WP plugins repository), but not 100% sure if it checks plugin files also.

    There's also an Antivirus for WP (again, from general repository), which, afaik, checks ALL of your WP files for viruses or malware.
     
  3. Gamboloyd

    Thanks. Needed to know as I keep wondering if some of the nulled software I acquire is doing anything dubious. :eek:
     
  4. imth3one

    This is probably complicated but you'll be sure.

    Install the script on your localhost and use an HTTP sniffer to monitor the requests.
     
  5. ESM2012

    Excuse my ignorance, but what does a callback actually do?
     
  6. paincake

    One way would be to search all files for these functions (one at a time):
    PHP:
    file_get_contents
    http_get
    curl_exec
    base64_decode
    exec
     
  7. TZ2011

    Exactly. Also look for http://
    I use FileSeek from http://www.fileseek.ca/, nice freeware with extra functions, looking for lines in all files and listing them for further editing.
     
  8. Gamboloyd

    Thanks loads folks. I will check out your suggestions. No harm in a bit of healthy paranoia :)
     
  9. synergyxtr

    When the software calls back its home website to monitor if we are using their software.
     
  10. upl8t

    Some plugins are licensed by domain or for a limited number of domains so the plugin communicates the serial number to the developer. This way he knows if it's being used where it shouldn't.
     
  11. x-bassist

    exploit scanner
    Code:
    http://wordpress.org/extend/plugins/exploit-scanner/
    
     
  12. Nitros


    and "eval", as many people are using the JavaScript eval() function to hide something ;)
     
  13. kkvsam

    If they encrypted the files, how do we find it?
    I think most of them are encrypted.
     
  14. Markbh

    @kkvsam

    Try this link:

    HTML:
    http://ottodestruct.com/decoder.php
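
The search suggested in the replies above, as an added Python example that is not code from any poster in this thread: it matches the listed function names only as real calls (so `exec` does not also hit `curl_exec` or `$db->exec`), lists `http://` URLs, and goes beyond the plain text search by unwrapping base64 literals passed to `base64_decode()` so encoded files are searched too. The name `scan_php`, the regexes and the sample are assumptions of this example; the sample input is constructed.

```python
import base64
import binascii
import re

# Function names collected from the replies above.
SUSPECT_CALLS = ("file_get_contents", "http_get", "curl_exec",
                 "base64_decode", "exec", "eval")
# The lookbehind stops "exec" matching inside curl_exec or shell_exec and
# skips $db->exec( / Foo::exec( / $exec( ; the trailing "(" requires a call.
CALL_RE = re.compile(r"(?<![\w>$:])(" + "|".join(SUSPECT_CALLS) + r")\s*\(", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
# A quoted base64 literal passed straight to base64_decode().
B64_RE = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{16,})['\"]", re.I)


def scan_php(source, layer=0, max_layers=3):
    """Return (layer, line_no, kind, match) findings for PHP source text.

    Layer 0 is the file as shipped; layer n is text recovered by decoding
    n nested base64 literals. Findings are leads to read, not verdicts.
    """
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        findings += [(layer, line_no, "call", m.group(1).lower())
                     for m in CALL_RE.finditer(line)]
        findings += [(layer, line_no, "url", m.group(0))
                     for m in URL_RE.finditer(line)]
    if layer < max_layers:
        for m in B64_RE.finditer(source):
            try:
                decoded = base64.b64decode(m.group(1)).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                continue  # not valid base64, nothing to unwrap
            findings += scan_php(decoded, layer + 1, max_layers)
    return findings


# Constructed sample (not from any real plugin): one hidden call, two decoys.
_HIDDEN = b"$ch = curl_init('http://callback.example.invalid/check'); curl_exec($ch);"
SAMPLE = ("<?php\n$rows = $db->exec('DELETE FROM cache');\n"
          "$n = shell_exec_wrapper();\n"
          "eval(base64_decode('" + base64.b64encode(_HIDDEN).decode() + "'));\n")
```

Feed it the text of each `.php` file; a hit is a line to read, not proof of a callback, since `file_get_contents` and `curl_exec` have many legitimate uses. Encoders other than base64 and encrypted loaders are not unwrapped.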
     
  15. SuperNoobInc

    So what does a 'callback' script look like?

    For example, I just searched the entire folder for "curl_exec" and I found the following:

    Is this some sort of call back in this case? Please advise. Thanks