Gadgets are available not only for graphical desktop environments. There are gadgets for web applications such as WordPress for example.

Still in this article I’ll make a review of Google gadgets running on Linux. I have bought a new Lenovo last month and since then I have left my old LXDE in favour of the good old Gnome. Of course, this change has had to come with lots more graphical extras

So my next move was to install some gadgets and I can’t even remember how I stumbled upon Google gadgets. The very first thing I liked is the big analogue clock. The most useful gadget is the one for checking Gmail. Here is how my Desktop looks like now:

$ dd if=/dev/urandom count=128 bs=1 2>&1 | md5sum | cut -b-10

This will generate a random string of 10 symbols. In order to change its length just change the last number from 10.

There are also some ready to use utilities such as makepasswd which are available on Ubuntu and other distributions. You can generate 10 characters with makepasswd as follows:

$ makepasswd –char=10

Under Linux (Ubuntu and its derivatives for sure) there is only one way to amend this. Go to .mozilla-thunderbird, find the directory for your profile (something like rv7dwavi.default) and open the file prefs.js.

Then search for the strings  network.protocol-handler.app.http and network.protocol-handler.app.https.

Usually these directives are missing so you can safely add them anew as follows:

user_pref(“network.protocol-handler.app.http”, “google-chrome”);

user_pref(“network.protocol-handler.app.https”, “google-chrome”);

That’s all and from now on Thunderbird will open all links in Google Chrome.

In our case, we will assume the attacker has inserted the following string “<script> bla$%333%blablalalala </script>” at random lines inline in PHP files. Here is an example:

<?php

echo ‘Supa site blabla’; <script> bla$%333%blablalalala </script>

include(‘hackme.php’);

?>

No problem to clean this with sed and a simple regular expression:

find -name “*.php” |xargs sed -i ‘s/<script>.*blabla.*<\/script>//g’

First we find every php file and pass it to sed with xargs. Then sed looks for anything that begins with <script> has anything inside(.*), has blabla somewhere in the middle, again has anything and ends with </script>. The “/” has been escaped with “\” while .* means anything.

The above will work as long as you customize it for your case. You just have to change script’s opening and closing tags to anything else the attacker has used to begin and end his stuff.

In my experience I have come upon one problem with such cases. The attacker’s script left a blank line between or after his malicious code. When the malicious code is inserted at the end of a php file, this means that php files will have an empty line in the end after cleaning up the malicious code. Then you will get warnings such as “Headers already sent”. In this case we will have to delete the last empty lines from all php files using this sed string:

find -name “*.php” |xargs sed -i ‘${/^$/d}’

However, sometimes hackers / crackers play it hard and insert the malicious code over several lines. In this case sed would not help, because it processes the file line by line. The easiest solution is using this perl script:

$cat multiline-replace.pl

#!/usr/bin/perl
open(INPUT,”<$ARGV[0]“) or die;
@input_array=<INPUT>;
close(INPUT);
$input_scalar=join(“”,@input_array);
# Do your substitution here.
$input_scalar =~ s#\<\?php.*maliciouspattern.*\n.*\n.*?>\n##ig;
open(OUTPUT,”>$ARGV[0]“) or die;
print(OUTPUT $input_scalar);
close(OUTPUT);

First, the above has been copied almost literary from linuxquesions.org. There are two important things about it:

\<\?php.*maliciouspattern.*\n.*\n.*?>\n is the regular expression which matches (with the escapes):

<?php maliciouspattern ))
//I am a smart hacker, am not I ;P
?>

I have added an additional \n to the regex because otherwise it leaves a blank line

The next thing is that the script looks for the first argument from the standard input. So if you’d like to run the above on all *.php scripts recursively, you should do it like this:

for i in `find -name “*.php”`; do ./multiline-replace.pl $i; done

The above runs the script file by file. It might take a bit longer but it will not exceed the maximum length for a bash variable no matter how many files you have, nor it will cause too high load on the server.

If you make the mistake to leave an empty line in one of sed’s mutations, here is how to delete it:

sed -i ‘/./,/^$/!d’

Hopefully this helps you fight those bad people and make the world better Don’t forget to make backups because all kinds of crazy stuff happens