Script Purpose: Maintaining Access/Web Backdoor
Script Language: PHP
License: Public Domain
The current PHP backdoor script is a little lacking in features and has a number of bugs in it. I've rewritten the script and done the following:
- Uploads actually work, the method is a little rough but its the only way to upload to a dynamic folder (the current on in BT tries to pass a text field for the directory and the file in the same form; that can not be done in HTTP).
- View source function to displays as text/plain so it doesn't output HTML characters and execute client side code (the current one in BT doesn't fix output making you execute any HTML and client side scripts in the document).
- Download files with good error handling.
- Good directory traversal functionality.
- Editing of files.
- Deletion of files.
- Improved MySQL command execution.
- Improved shell command error handling (warns if on safe mode).
- Measures to bypass mod_security (it would otherwise prevent you from browsing certian directories or editing certian characters into a file).
- An option to highlight likely database interaction files.
- All code conforms to the principles of structured coding (all in if/else statements, no die() commands).
- Allowed the gzip and download of a directory, this rarely works due to permissions.
- Added the ability to CHMOD777 a folder, rarely works either.
- Tested on Windows and Linux using PHP 4 and 5.
The only drawback this has in comparison to the other one is that its over 400 lines long, but other than that it is superior in every way. I request that this tool be considered to replace the current PHP backdoor script in backtrack.
You can view the page for the tool here. I'd post the source here as well but it puts me over the 10k char limit.