Sunday, June 12, 2011
Dark Script - the perfect PHP backdoor
OK, so I have this private PHP backdoor that I want to share with everyone (even though no one really reads my blog at the moment). Anyway, I have polished it a little and I think it's starting to look like something, even though it's still a little rough around the edges. It works through a local (PHP) client communicating with a "hook" on the remote server. This hook is only one line of code that the local client works through. This model and this backdoor have many advantages over the traditional r57shell, c99shell or g00nshell type of PHP shell. Here's a list:
Stealth
- The hook is the only thing on the server and it's tiny in size (126 bytes)
- Everything works via POST, which is very rarely logged server side
Security
- Every hook has a password
- A shared secret can be used with hooks for those paranoid about security
Flexibility
- All exploited servers are interacted with using the same control panel
- Some payloads can seamlessly be run on every selected exploited server simultaneously
- Only your client will ever need to be updated to get new features, the hook on the server can stay the same forever
- Because of the small size of the hook, it is often much easier to put on an insecure server than a traditional PHP shell
Other features
- Easy browsing, downloading, renaming and editing of files on server
- Easy browsing of MySQL data
- One click searching through PHP source code on the server in an attempt to find MySQL credentials
- One click backdooring of existing scripts on the server
- MySQL dictionary attack (for shared hosts mostly)
- Metasploit PHP Meterpreter integrated and easily used
- Supports proxies, such as Tor
- And lots of other stuff
How to install:
Download Dark Script here
Extract it in the web directory of your PHP 5 server (this is the client)
Make the zombies dir writable if you are not on Windows
How to use:
First navigate to the client that you just installed. It will ask you for a password; the password you use will be used in the hooks you generate and for connecting to your hooks.
Now navigate to "Generate shell", choose a shell either with or without a shared secret, then somehow get your shell onto your target.
When your hook is on your target, go to Connect zombie and type in the URL for the hook.
Now go to the Zombies & payloads menu, choose your newly connected zombie and experiment with the payloads.
It's as easy as that. Have fun :)
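From the defender's side, the "POST is rarely logged" point holds only for request bodies: a Combined Log Format access log still records the method, path, status and Referer of every POST. The following is an added example, not part of the original post or of Dark Script; the log lines, paths and the `post_only_php` helper are constructed for illustration. It flags `.php` paths that are only ever POSTed to, never fetched with GET and never reached with a Referer.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def post_only_php(log_lines, min_posts=3):
    """Return {path: summary} for .php paths with at least min_posts successful
    POSTs, no GET/HEAD requests at all, and no POST carrying a Referer."""
    stats = defaultdict(lambda: {"post": 0, "other": 0, "referred": 0, "ips": set()})
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.lower().endswith(".php"):
            continue
        s = stats[path]
        if m["method"] == "POST" and m["status"].startswith("2"):
            s["post"] += 1
            s["ips"].add(m["ip"])
            if m["referer"] not in ("", "-"):
                s["referred"] += 1  # a real form submission normally has a Referer
        elif m["method"] in ("GET", "HEAD"):
            s["other"] += 1  # normal pages are fetched before they are posted to
    return {
        p: {"posts": s["post"], "ips": sorted(s["ips"])}
        for p, s in stats.items()
        if s["post"] >= min_posts and s["other"] == 0 and s["referred"] == 0
    }

# Constructed sample log (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jun/2011:10:00:01 +0000] "GET /login.php HTTP/1.1" 200 1840 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jun/2011:10:00:09 +0000] "POST /login.php HTTP/1.1" 302 0 "http://example.test/login.php" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jun/2011:10:00:30 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [12/Jun/2011:10:01:00 +0000] "POST /images/cache.php HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.50 - - [12/Jun/2011:10:01:04 +0000] "POST /images/cache.php HTTP/1.1" 200 2210 "-" "-"',
    '203.0.113.50 - - [12/Jun/2011:10:01:09 +0000] "POST /images/cache.php HTTP/1.1" 200 97 "-" "-"',
]

if __name__ == "__main__":
    for path, info in post_only_php(SAMPLE_LOG).items():
        print(path, info)
```

A hit is a lead for review, not proof: legitimate API or webhook endpoints can also be POST-only, so check the flagged file's contents and modification time.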
The Infochive
Knowledge is power. Knowledge corrupts.