********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER WAY – I TAKE IN NO WAY RESPONSIBILITY FOR ANYTHING ILLEGAL YOU ARE ABLE TO DO WITH THIS INFORMATION *******
Like my webshell phpDOS mainly focused botnet which I built in a matter of minutes, I wondered if I could take over servers that other hackers had already broken into and backdoored without protecting. So, to start my research I decided to locate as many underground and publicly available webshells and backdoors as I could. That was far too easy to do: in about 30 minutes I had over 500 different webshell scripts to play with. I loaded them all on my dedicated server to test them out, to see what they would look like in a live dump, and wrote some Snort rules for certain execution patterns. Now the fun part: let's try something simple... like grabbing the heads from a few of the files that the moron coders forgot to include for Google to not index their backdoors.
So here are a few of the strings that I began searching for:
################################
Php Backdoor v 1.0 by ^Jerem
################################
This backdoor coded in php allows
allows to control a web serv …
For use this script upload this
on the ftp server of the hacked
web site. Enjoy ^^
/**********************************************************/
/* CrystalShell v.1
/* ——— ———-
/*
/* Coded by : Super-Crystal and Mohajer22
/* ————————————————
/* Arab Security Center Team
/* mail : [email protected]
/* october73 shell & CrystalShell
/*
/*********************************************************/
Crystal shell
/*
DDDDD SSSSS DxShell by î_Î Tync
D D X X S
D D X SSSSS http://hellknights.void.ru/
D D X X S ICQ#244648
DDDDD SSSSS
*/
$GLOB['SHELL']['Ver']='1.0b'; /* ver of the shell */
$GLOB['SHELL']['Date']='26.04.2006';
#######################################
## FaTaLisTiCz_Fx Fx29Sh 2.0.09.08 ##
define('sh_ver',"2.0.09.08"); ##
## By FaTaLisTiCz_Fx ##
## © 03-09 2008 FeeLCoMz Community ##
## Written under PHP 5.2.5 ##
#######################################
$sh_name = sh_name(); ##
#######################################
#$sh_mainurl = "http://vidinas.net/templates/archzone/xml/cyberz.txt";
$sh_mainurl = "http://vidinas.net/templates/archzone/xml/";
$fx29sh_updateurl = $sh_mainurl."fx29sh_update.php";
$fx29sh_sourcesurl = $sh_mainurl."fx29sh.txt";
$sh_sourcez = array(
"Fx29Sh" => array($sh_mainurl."cyberz.txt","fx29sh.php"),
"psyBNC" => array($sh_mainurl."fx.tgz","fx.tgz"),
"Eggdrop" => array($sh_mainurl."fxb.tgz","fxb.tgz"),
"BindDoor" => array($sh_mainurl."bind.tgz","bind.tgz"),
);
##[ AUTHENTICATION ]##
$auth = array(
"login" => "",
"pass" => "",
"md5pass" => "",
"hostallow" => array("*"),
"denied" => "".$sh_name.": access denied!",
);
##[ END AUTHENTICATION ]##
$curdir = "./";
$tmpdir = "";
$tmpdir_logs = "./";
$log_email = "[email protected]";
$sess_cookie = "fx29shcook";
$sort_default = "0a"; #Pengurutan, 0 – nomor kolom. "a"scending atau "d"escending
$sort_save = TRUE; #Simpan posisi pengurutan menggunakan cookies.
$usefsbuff = TRUE;
$copy_unset = FALSE; #Hapus file yg telah di-copy setelah dipaste
*
Title:JspWebshell
*
*
Description: jsp网站管理
*
*
Copyright:绝对零度[B.C.T] Copyright (c) 2006
*
*
Company: zero.cnbct.org
* PS:本程序是小弟处于兴趣所写,如有疑问请联系QQ:48124012
* @version 1.2
*/
/+——————————–+\
| KA_uShell |
|
| Version 0.1.6 |
| 13.03.04 |
| Author: KAdot
|——————————–|
\+ +/
–>
/*
* MySQL Web Interface Version 0.8
* ——————————-
* Developed By SooMin Kim ([email protected])
* License : GNU Public License (GPL)
* Homepage : http://popeye.snu.ac.kr/~smkim/mysql
*/
$HOSTNAME = "localhost";
function logon() {
global $PHP_SELF;
setcookie( "mysql_web_admin_username" );
setcookie( "mysql_web_admin_password" );
echo "\n";
echo "
\n";echo "
echo "\n";
echo "
\n";echo "
echo "
echo " \n";
echo "\n";
echo "Copyleft © since 1999,\n";
echo "SooMin Kim
echo "Hompage is
##########################################################
# Small PHP Web Shell by ZaCo (c) 2004-2006 #
# +POST method #
# +MySQL Client+Dumper for DB and tables #
# +PHP eval in text format and html for phpinfo() example #
# PREVED: sn0w, Zadoxlik, Rebz, SkvoznoY, PinkPanther #
# For antichat.ru and cup.su friends usage #
# All bugs -> mailo:[email protected] #
# Just for fun #
##########################################################
#/\/\/\/\/\ MulCiShell v0.2 – Edited By KingDefacer/\/\/\/\/\/\/\#
# Updates from version 1.0#
# 1) Fixed MySQL insert function
# 2) Fixed trailing dirs
# 3) Fixed file-editing when set to 777
# 4) Removed mail function (who needs it?)
# 5) Re-wrote & improved interface
# 6) Added actions to entire directories
# 7) Added config+forum finder
# 8) Added MySQL dump function
# 9) Added DB+table creation, DB drop, table delete, and column+table count
# 10) Updated security-info feature to include more useful details
# 11) _Greatly_ Improved file browsing and handling
# 12) Added banner
# 13) Added DB-Parser and locator
# 14) Added enumeration function
# 15) Added common functions for bypassing security restrictions
# 16) Added bindshell & backconnect (needs testing)
# 17) Improved command execution (alts)
*****************************************************************************************************************
* Safe0ver Shell – Safe Mod Bypass By Evilc0der – Edited By KingDefacer *
*****************************************************************************************************************
*****************************************************************************************************************
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! Dikkat ! Script Egitim Amacli Yazilmistir.Scripti Kullanarak Yapacaginiz Illegal eylemlerden sorumlu Degiliz.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
error_reporting(0);
$PHPVer=phpversion();
$isGoodver=(intval($PHPVer[0])>=4);
$scriptTitle = "Safe0ver";
$scriptident = "$scriptTitle By Evilc0der.com";
Cr@zy_King
Ru24PostWebShell
Writed by DreAmeRz
http://www.ru24-team.net
Default Changes
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
$owner = "SR-Crew"; Insert your nick
$version = "2.0.0"; The version
| _ \ ___ ___ | |_ / ___|| |__ ___| | | | |_) / _ \ / _ \| __| \___ \| '_ \ / _ \ | | | _ |_| \_\___/ \___/ \__| (_) |____/|_| |_|\___|_|_|
Script:
-=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=-
Name: PHPJackal
Version: 1.5
Author:
-=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=–=-
Name: NetJackal
Country: Iran
Website: http://netjackal.by.ru
Email: [email protected]
PHPJackal v1.5 – Powered By NetJackal
/*###########################################
Shell
Bu Shell kodlarin derlemesi Megabros tarafindan yapilmistir..
Yapimci Ve derleyeN : Megabros
###########################################*/
*
* lostDC shell
* PHP Shell scritta da lostpassword, D3vilc0de crew
* Rilasciata sotto licenza GPL 2009/2010
* Data rilascio: 25/12/2009 (eh si, il giorno di natale non avevo niente da fare)
* La Shell presenta varie funzioni, ma rimane comunque in continuo aggiornamento
*
error_reporting(0);
Loader'z WEB Shell v 0.1.0.2 {15 августа 2005}
Вот какие он поддерживает функции.
– Работа с файловой системой с помощью PHP. В удобной таблице представлено содержимое текущей паки (добавление в этой версии, нормальный вид прав, а не число :)).
– Выполнение кода, пхп рулит
Kodlama by BLaSTER from TurkGuvenligi
* iMHaPFTP.php – iMHaBiRLiGi Php Ftp Editoru
* Copyright (C) 2003-2005 iMHaBiRLiGi
*
* Bu Kod Tamamiyle Özgür Yazilimdir.
* Kötü Amaclar ile kullanilmamak sartiyla istenildigi gibi Kullanilabilir
* Programin amaci ftp olmadan hostunuza baglanti kurup
* Dosya ekleyip kaldira bilmektir.
* Kodumuz 6 Dilde yazilmistir.Server Diline Göre Otomatik Secim Yapar.
This Is The Server Information
echo "
*************************
* ###### ##### ###### *
* ###### ##### ###### *
* ## ## ## *
* ## #### ###### *
* ## ## #### ###### *
* ## ## ## ## *
* ###### ## ###### *
* ###### ## ###### *
* *
* Group Freedom Search! *
*************************
GFS Web-Shell
FaTaLisTiCz_Fx Fx29SheLL v2.0.09.08
.: No System is Perfectly Safe :.
' Tac gia: forever5pi (theo huong dan cua anh vicki-vkdt)
' Email : [email protected]
' Website: http://vnhacker.org
option explicit
/***************************************************************************
* Cyber Shell (v 1.0)
* ——————-
* copyright : (C) Cyber Lords, 2002-2006
* email : [email protected]
*
* http://www.cyberlords.net
*
* Coded by Pixcher
* Lite version of php web shell
***************************************************************************/
# Edited By KingDefacer
' ——————–o0o——————–
' File: CmdAsp.asp
' Author: Maceo
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
' ——————————————-
' — check for a command that we have posted — '
str_replace('.','','P.h.p.S.p.y')
http://www.alturks.com
str_replace('.','','P.h.p.S.p.y');?>
Ver: 2008
Logout | File Manager | MySQL Manager | MySQL Upload & Download | Execute Command |

See part 2 for results...
http://www.computersecurity.org/cyber-security-training-learning-videos/web-application-attacks-website-app-attack/webshells/for-research-how-easy-is-it-to-find-webshells-and-basically-have-rootadmin-or-user-level-access-without-hacking-anything-part-2/
The post *FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without "Hacking" Anything – PART 1 appeared first on Computer Security Security News, Blog, Exploits, Shop & Services.
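
The banner strings quoted above can also be used as a sweep list for your own web root. The following Python is an added example, not code from the original post: it reads the head of every file under a directory and reports which of the ASCII banner fragments from this post it contains. The function names, the 16 KiB window and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
# ASCII banner fragments copied from the shell headers quoted in this post.
BANNERS = [
    "Php Backdoor v 1.0 by ^Jerem", "CrystalShell v.1", "DxShell by",
    "Fx29Sh", "JspWebshell", "KA_uShell", "Web Shell by ZaCo", "MulCiShell",
    "Safe0ver", "Ru24PostWebShell", "PHPJackal", "lostDC shell",
    "GFS Web-Shell", "Cyber Shell (v 1.0)", "CmdAsp.asp",
]
HEAD_BYTES = 16 * 1024  # assumption: banners sit in the leading comment block

def find_banners(data: bytes) -> list:
    """Return the banner fragments found in the head of a file (case-insensitive)."""
    head = data[:HEAD_BYTES].lower()
    return [b for b in BANNERS if b.lower().encode("ascii") in head]

def scan_tree(root: str) -> list:
    """Walk root and return sorted (relative path, [banners]) for every hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the web root
            try:
                with open(path, "rb") as fh:  # bytes: extension and encoding are untrusted
                    matched = find_banners(fh.read(HEAD_BYTES))
            except OSError:
                continue  # unreadable file: skipped here, a real sweep would log it
            if matched:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                hits.append((rel, matched))
    return sorted(hits)

def demo() -> list:
    samples = {  # constructed sample files, not real shells
        "index.php": b"<?php echo 'hello'; ?>",
        "uploads/logo.jpg": b"/* CRYSTALSHELL V.1 */ <?php /* body omitted */ ?>",
        "uploads/x.php": b"<?php /* PHPJackal v1.5 - Powered By NetJackal */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A clean result proves little, because a banner is trivially stripped or pushed past the scanned window; hits are a starting point for triage, to be followed by content and log review.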