Results 1 to 1 of 1

Thread: A better PHP backdoor script (I have one here)

Threaded View

  1. #1
    Just burned his ISO
    Join Date
    Jul 2011

    Default A better PHP backdoor script (I have one here)

    Script Purpose: Maintaining Access/Web Backdoor
    Script Language: PHP
    License: Public Domain

    The current PHP backdoor script is a little lacking in features and has a number of bugs in it. I've rewritten the script and done the following:
    • Uploads actually work, the method is a little rough but its the only way to upload to a dynamic folder (the current on in BT tries to pass a text field for the directory and the file in the same form; that can not be done in HTTP).
    • View source function to displays as text/plain so it doesn't output HTML characters and execute client side code (the current one in BT doesn't fix output making you execute any HTML and client side scripts in the document).
    • Download files with good error handling.
    • Good directory traversal functionality.
    • Editing of files.
    • Deletion of files.
    • Improved MySQL command execution.
    • Improved shell command error handling (warns if on safe mode).
    • Measures to bypass mod_security (it would otherwise prevent you from browsing certian directories or editing certian characters into a file).
    • An option to highlight likely database interaction files.
    • All code conforms to the principles of structured coding (all in if/else statements, no die() commands).
    • Allowed the gzip and download of a directory, this rarely works due to permissions.
    • Added the ability to CHMOD777 a folder, rarely works either.
    • Tested on Windows and Linux using PHP 4 and 5.

    The only drawback this has in comparison to the other one is that its over 400 lines long, but other than that it is superior in every way. I request that this tool be considered to replace the current PHP backdoor script in backtrack.

    You can view the page for the tool here. I'd post the source here as well but it puts me over the 10k char limit.

    Daniel Berliner
    Last edited by DanielB; 07-26-2011 at 05:02 PM.

Similar Threads

  1. Got FTP Access, how to backdoor
    By vichiee in forum Experts Forum
    Replies: 1
    Last Post: 04-16-2011, 08:54 AM
  2. Replies: 20
    Last Post: 03-26-2011, 08:30 PM
  3. Replies: 6
    Last Post: 10-08-2010, 11:40 PM
  4. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  5. How To Backdoor an OPN AP
    By Eatme in forum OLD Pentesting
    Replies: 23
    Last Post: 08-18-2009, 04:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts