Web Backdoor Compilation

Web Backdoor Compilation (wbc)
DK (http://michaeldaw.org)

Changelog

| Date | Change |
|---|---|
| 24 Apr 07 | Anti-Virus Capabilities (Work done by Dancho Danchev) |
| 14 Apr 07 | Version 1b (pre 1.2 release): perlcmd.cgi, cfexec.cfm, cmdasp.aspx |
| Dec/06 | Version 1 release. |

I have collected some WEB backdoors in the past to exploit vulnerable file upload facilities
and others. I think a library like this may be useful in a variety of situations.

Understanding how these backdoors work can help security administrators
implement firewalling and security policies to mitigate obvious attacks.

The package includes:

| Filename | Contributor | Anti-Virus Detection | MD5 | Risk |
|---|---|---|---|---|
| cmd-asp-5.1.asp | Brett Moore | Webwasher-Gateway 6.0.1/20070419 | 8baa99666bf3734cbdfdd10088e0cd9f | HIGH |
| cmdasp.asp | Maceo | Authentium 4.93.8 04.14.2007; Avast 4.7.981.0 04.16.2007; BitDefender 7.2 04.16.2007; ClamAV devel-20070312 04.16.2007; DrWeb 4.33 04.16.2007; Ewido 4.0 04.16.2007; F-Prot 4.3.2.48 04.13.2007; F-Secure 6.70.13030.0 04.16.2007; Kaspersky 4.0.2.24 04.16.2007; Microsoft 1.2405 04.16.2007; Symantec 10 04.16.2007; VBA32 3.11.3 04.14.2007; Webwasher-Gateway 6.0.1 04.16.2007 | 57b51418a799d2d016be546f399c2e9b | Low |
| cmdasp.aspx | Dominic Chell | None | 5e83b6ed422399de04408b80f3e5470e | CRITICAL |
| cmdjsp.jsp | Unknown | None | b815611cc39f17f05a73444d699341d4 | CRITICAL |
| jsp-reverse.jsp | Tan Chew Keong | None | 8b0e6779f25a17f0ffb3df14122ba594 | CRITICAL |
| php-backdoor.php | z0mbie | AhnLab-V3 2007.4.19.1/20070419; AntiVir 7.3.1.53/20070419; Authentium 4.93.8/20070418; AVG 7.5.0.464/20070419; BitDefender 7.2/20070419; F-Prot 4.3.2.48/20070418; F-Secure 6.70.13030.0/20070419; Ikarus T3.1.1.5/20070419; Kaspersky 4.0.2.24/20070420; McAfee 5013/20070419; Microsoft 1.2405/20070419; NOD32v2 2205/20070419; Norman 5.80.02/20070419; VBA32 3.11.3/20070419; Webwasher-Gateway 6.0.1/20070419; AVG Free 8.0.233 | 2b5cb105c4ea9b5ebc64705b4bd86bf7 | Low |
| simple-backdoor.php | David Kierznowski | None | f091d1b9274c881f8e41b2f96e6b9936 | CRITICAL |
| perlcmd.cgi | David Kierznowski | None | 97ae7222d7f13e908c6d7f563cb1e72b | CRITICAL |
| cfexec.cfm | Kurt Grutzmacher | None | bd04f47283c53ca0ce6436a79ccd600f | CRITICAL |

Note: readme.txt is also included in this package but not listed here.
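
An added example (not part of the original post or the wbc package) of how an administrator can put the listed MD5 values to use: it hashes every file under a web root and reports exact matches. Because most of the listed samples show no anti-virus detection and any edit to a file changes its hash, it also flags every server-side script found inside upload directories. The names `scan_webroot`, `md5_of`, `upload_dirs` and the finding labels are assumptions made for this example.

```python
import hashlib
import os

# MD5 values copied from the package table on this page.
WBC_MD5 = {
    "8baa99666bf3734cbdfdd10088e0cd9f": "cmd-asp-5.1.asp",
    "57b51418a799d2d016be546f399c2e9b": "cmdasp.asp",
    "5e83b6ed422399de04408b80f3e5470e": "cmdasp.aspx",
    "b815611cc39f17f05a73444d699341d4": "cmdjsp.jsp",
    "8b0e6779f25a17f0ffb3df14122ba594": "jsp-reverse.jsp",
    "2b5cb105c4ea9b5ebc64705b4bd86bf7": "php-backdoor.php",
    "f091d1b9274c881f8e41b2f96e6b9936": "simple-backdoor.php",
    "97ae7222d7f13e908c6d7f563cb1e72b": "perlcmd.cgi",
    "bd04f47283c53ca0ce6436a79ccd600f": "cfexec.cfm",
}

# Extensions of the listed files; a web server would execute these.
SCRIPT_EXTS = {".asp", ".aspx", ".jsp", ".php", ".cgi", ".cfm"}


def md5_of(path, chunk=65536):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_webroot(root, known=WBC_MD5, upload_dirs=()):
    """Return (relative_path, finding, detail) tuples for files under root."""
    prefixes = tuple(os.path.normpath(d) + os.sep for d in upload_dirs)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            try:
                digest = md5_of(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if digest in known:
                findings.append((rel, "known-sample", known[digest]))
            elif ext in SCRIPT_EXTS and rel.startswith(prefixes):
                # Hashes miss edited copies, so flag any script in an upload dir.
                findings.append((rel, "script-in-upload-dir", ext))
    return findings
```

Pass `upload_dirs` as paths relative to the web root, for example `scan_webroot("/var/www/html", upload_dirs=("uploads",))`.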

If you have contributions please let me know so that I can add them into a later
release.

Download here.


Hi David!
I have downloaded, but not tested any of it yet.
Just want to thank you for your initiative to
publish this!

Take care
/Johan P

Johan, no problem.

It's been surprising how many emails I have received on this. I am glad people are finding this resource useful. As I said in my post, this package is primarily for security testers and developers.

If any of you have any web backdoors in your dusty directories just email ‘em on over.

If any of you would like to write (or have) reverse backdoors that would earn you extra points.

[...] For this time, it’s only a short entry and it’s more an information than something else. David Kierznowski wrote a blog entry yesterday about a collection of webbased backdoors including download. So as I said, it’s just an information and the only thing I can do is to say thank you to David for his work [...]

Hi,
This is a good idea to collect them all together in one package.
But I guess you've missed “hacker_webkit” from OPEN-LABS.
It can be downloaded from http://open-labs.org/ .

based on their site :
===============
Pack of tools for doing pentest in a wide range webservers. Each module includes 3 components: Command execution, Directory + File navigation and File uploading. Current modules are: ASP, CFM, EXE, JSP, PHP, PL, SERVLET and SH.

btw, keep updating your great blog!

Hamid: Thanks for your comments and for letting me know about open-labs - darkraver is doing some good stuff over there. I must have a more in-depth look later.

I had a brief look at the hacker_webkit and it looks quite good; however, I am hoping that wbc will grow into a test framework at some point; bypassing anti-virus filters, reverse shells etc. A bit more than just basic shells; even though that is what it is at the moment.

Why not add some File-Manager Backdoors ?

A web-based shell for asp.net : cmd.aspx

Several versions are available online, but this one doesn’t use a temporary file : http://xdiyer.uni.cc/?id=232

Nicob

[...] Operation n » Web Backdoor Compilation (tags: backdoor web hacking exploit php security tools crack) [...]

[...] of support for avoiding vulnerabilities within one's own systems. I refer you to the page of the original post in English for explanations that are a bit more [...]

Another web backdoor in perl I wrote some time ago is available at http://home.arcor.de/mschierlm/test/pmsh.pl (I don’t remember what the acronym pmsh was for).

It will require a Linux 2.6 server with CGI Perl support. It is a reverse backdoor that connects to a given IP and port. The special thing about it: It will allocate a pseudo terminal (pty) on the server and bind a shell to it - so if you connect it to (for example) putty, you can run all the nifty screen-based stuff like less or top in it (if those are present on the server, of course).

The code is not tested very well (used it once and it worked as expected) and hard-coding the IOCTL numbers is not very nice, but which webserver has perl headers for IOCTL numbers available…?

mihi

Hey,
I have a pair that I’ve collected and wanna contribute but I can’t seem to find your email. Anyway check out the c99 backdoor great for this type of stuff.
Cheers,
Ben

Ben,

Submissions are always welcome buddy. You can email them to david.kierznowski_at_gmail.com.

Thanks for the feedback.

Nice repository Dave!

There have been some cool features suggested here. A couple more I’ve heard people suggest are:
- Restrict the source IP addresses that can use the shell (to stop others abusing your backdoor).
- For the shell to delete itself if it is run after a given date (lest we forget which systems we’ve backdoored!)

Mark, WBCv2 is definitely going to include these features or something along these lines. Ta for the suggestion buddy.

[...] year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the [...]

[...] See on M. Daw's personal site: Web-Backdoor-Compilation [...]

I was inspired by the idea of getting a proper reverse shell back. I’ve implemented this in PERL and PHP along with a couple of the other suggestions made above:

http://pentestmonkey.net/tools/perl-reverse-shell/
http://pentestmonkey.net/tools/php-reverse-shell/

Please feel free to reuse the code while improving some of the backdoors scripts already submitted.

Keep up the good work, Dave.

I was thinking about how to get an interactive shell on a webserver that allows uploads, but has a Firewall that is filtering inbound and outbound connections. It turns out that PHP scripts inherit file handles from Apache, so you can simply attach a shell to the existing TCP connection between browser and web server. Here’s a POC:

http://pentestmonkey.net/tools/php-findsock-shell/

It would be cool to add more “Findsock Shells” to the Web Backdoor Compilation. I’m not sure whether it’s possible to write similar code for web servers using PERL, ASP, ASPX, etc. Maybe some of your readers will have more of an idea.

A glance in the rear-view mirror……

Tonight we are going to celebrate the new year (or not). And perhaps indulge in a few good resolutions. And probably take a look back at this year 2007 that has just ended. The New Year nostalgia effect……

Check out http://r57.li ..there is a nice collection.

WARNiNG: The r57 shell is backdoored…

[...] Web shells - this package has web shells for php, asp, jsp, cgi, cfm. You’ll never find a site vulnerable to rfi that you will not have the possibility to exploit. [...]

[...] to test your Anti Virus out, there is an archive of backdoor web scripts (some which I wrote) on Michael Daw. I have used these a lot when testing various systems. When attempting to download the file, your [...]
