Monday, January 21, 2013

PHP BACKDOOR / C99 SHELL


PHP BACKDOOR SCRIPT

Today we will talk about PHP backdoors ;)

A PHP backdoor is nothing but a PHP script that can be used to:

1) Travel across directories
2) View files
3) Edit files
4) Download files
5) Delete files
6) Upload files
7) Execute MySQL queries / commands
8) Bypass mod_security
9) Permissions on directories/folders
10) Execute shell commands

In short, this is a script which everyone must have. But always remember it's a hack; don't upload it on your server. If you upload it to any Apache server, anyone can play GOD. So don't forget to remove it from the server when you are done.
I have uploaded it to my GitHub.



LINK: My GITHUB backdoor script




Thanks for reading.

Enjoy & Be Open

30 comments:

  1. Since you're being so nice with this script, at least tell how to protect from it. Unless your goal is destroying other people's work.

    1. Protection countermeasures are formed using the tools and information from the previous steps. Here are some bullets in the PHP configuration that sysadmins must pay attention to:

      1) allow_url_fopen: PHP file functions are allowed to include remote files from external FTP or HTTP locations. This option is enabled in the default installation and is rarely used.
      2) Dangerous PHP functions: Using the disable_functions field in the php.ini, disable all the dangerous PHP system functions (system, shell_exec, passthru etc.) that might be used by malicious code. Be careful with the rare cases in which some web platforms need some of these functions.
      3) open_basedir: Use this variable in the php.ini configuration to limit file operations to the defined directory and below.
      4) Web user permission: Carefully examine the web user access level and its permissions.

      By carefully editing the PHP security audit report options, adopting an automated malware detection tool and examining the bullets mentioned above, an adequate security level is established for your running web servers and platforms.

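The three php.ini directives named in the reply above (allow_url_fopen, disable_functions, open_basedir) can be checked mechanically. The following is an added example, not part of the original post or its comments: the function names are hypothetical, both sample php.ini texts are constructed, and a directive absent from the file is assumed to take PHP's built-in default.

```python
# Added example: audit a php.ini for the three directives discussed above.
# Sample configs are constructed; function names are hypothetical.

# PHP's built-in values when a directive is absent from php.ini.
PHP_DEFAULTS = {"allow_url_fopen": "1", "disable_functions": "", "open_basedir": ""}
# Functions the comment names; extend this list for your own policy.
DANGEROUS = ("system", "shell_exec", "passthru")

def parse_php_ini(text):
    """Return {directive: value}; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue                                   # blank, comment, section
        key, value = (part.strip() for part in line.split("=", 1))
        if value[:1] in ('"', "'"):
            value = value[1:].split(value[0], 1)[0]    # quoted: keep inner text
        else:
            value = value.split(";", 1)[0].strip()     # drop inline ; comment
        settings[key] = value
    return settings

def is_on(value):
    return value.strip().lower() in {"1", "on", "true", "yes"}

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    cfg = {**PHP_DEFAULTS, **parse_php_ini(text)}
    findings = []
    if is_on(cfg["allow_url_fopen"]):
        findings.append("allow_url_fopen is on: file functions may open remote URLs")
    disabled = {f.strip().lower() for f in cfg["disable_functions"].split(",")}
    missing = [f for f in DANGEROUS if f not in disabled]
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    if not cfg["open_basedir"]:
        findings.append("open_basedir is unset: file access is not confined")
    return findings

WEAK_INI = "[PHP]\nallow_url_fopen = On\ndisable_functions =\n;open_basedir =\n"
HARDENED_INI = ('[PHP]\nallow_url_fopen = Off\n'
                'disable_functions = system, shell_exec, passthru ; per-app list\n'
                'open_basedir = "/var/www/example/"\n')

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "no findings")
```

This reads a single file only; the effective values of a running PHP also depend on additional ini files and server-level overrides, so compare the result against `php -i` or phpinfo() output.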
  2. Hello Amit.

    I'm new to penetration testing and I love to learn and study about it. Currently, I've been focusing on web application security. Can you explain how I can handle the backdoor after I upload it to the server? I mean, what is the next step I should do after I upload it? To recall back the PHP and taking over the server. What tool should I use? Metasploit or sqlmap? I've BackTrack running on my laptop. Truth is, I'm not fully finished studying BackTrack and web app. I hope you can guide a noob like me :)

    1. Hey,

      I have done some research and I think you should go for BackTrack. Just install it on your distro and check for Web Application Analysis.
      Attachment: image from BackTrack
      http://i.imgur.com/LpfcsTu.jpg?1

