Web Backdoor Compilation
Need more reliable business email hosting? Intermedia has exchange 2007 hosting for your outlook exchange. Also, if you’d like to make a bit of money on the side, check out their exchange email outsourcing program.
Web Backdoor Compilation (wbc)
DK (http://michaeldaw.org)
Changelog
| Date | Change |
| 24 Apr 07 | Anti-Virus Capabilities (Work done by Dancho Danchev) |
| 14 Apr 07 | Version 1b (pre 1.2 release): perlcmd.cgi, cfexec.cfm, cmdasp.aspx |
| Dec/06 | Version 1 release. |
I have collected some WEB backdoors in the past to exploit vulnerable file upload facilities
and others. I think a library like this may be useful in a variety of situations.
Understanding how these backdoors work can help security administrators
implement firewalling and security policies to mitigate obvious attacks.
The package includes:
| Filename | Contributer | MD5 | Anti-Virus Detection | Risk |
| cmd-asp-5.1.asp | Brett Moore | 8baa99666bf3734cbdfdd10088e0cd9f | Webwasher-Gateway 6.0.1/20070419 | HIGH |
| cmdasp.asp | Maceo | 57b51418a799d2d016be546f399c2e9b |
Authentium 4.93.8 04.14.2007 Avast 4.7.981.0 04.16.2007 BitDefender 7.2 04.16.2007 ClamAV devel-20070312 04.16.2007 DrWeb 4.33 04.16.2007 Ewido 4.0 04.16.2007 F-Prot 4.3.2.48 04.13.2007 F-Secure 6.70.13030.0 04.16.2007 Kaspersky 4.0.2.24 04.16.2007 Microsoft 1.2405 04.16.2007 Symantec 10 04.16.2007 VBA32 3.11.3 04.14.2007 Webwasher-Gateway 6.0.1 04.16.2007 |
Low |
| cmdasp.aspx | Dominic Chell | 5e83b6ed422399de04408b80f3e5470e | None | CRITICAL |
| cmdjsp.jsp | Unknown | b815611cc39f17f05a73444d699341d4 | None | CRITICAL |
| jsp-reverse.jsp | Tan Chew Keong | 8b0e6779f25a17f0ffb3df14122ba594 | None | CRITICAL |
| php-backdoor.php | z0mbie | 2b5cb105c4ea9b5ebc64705b4bd86bf7 | AhnLab-V3 2007.4.19.1/20070419 AntiVir 7.3.1.53/20070419 Authentium 4.93.8/20070418 AVG 7.5.0.464/20070419 BitDefender 7.2/20070419 F-Prot 4.3.2.48/20070418 F-Secure 6.70.13030.0/20070419 Ikarus T3.1.1.5/20070419 Kaspersky 4.0.2.24/20070420 McAfee 5013/20070419 Microsoft 1.2405/20070419 NOD32v2 2205/20070419 Norman 5.80.02/20070419 VBA32 3.11.3/20070419 Webwasher-Gateway 6.0.1/20070419 |
Low |
| simple-backdoor.php | David Kierznowski | f091d1b9274c881f8e41b2f96e6b9936 | None | CRITICAL |
| perlcmd.cgi | David Kierznowski | 97ae7222d7f13e908c6d7f563cb1e72b | None | CRITICAL |
| cfexec.cfm | Kurt Grutzmacher | bd04f47283c53ca0ce6436a79ccd600f | None | CRITICAL |
Note: readme.txt is also included in this package but not listed here.
If you have contributions please let me know so that I can add them into a later
release.
Download here.
Hi David!
I have downloaded, but not tested any of it yet.
Just want to thank you for your initiative to
publish this!
Take care
/Johan P
Johan, no problem.
Its been surprising how many emails I have received on this. I am glad people are finding this resource useful. As I said in my post this package is primarily for security testers and developers.
If any of you have any web backdoors in your dusty directories just email ‘em on over.
If any of you would like to write (or have) reverse backdoors that would earn you extra points.
[…] For this time, it’s only a short entry and it’s more an information then something else. David Kierznowski wrote a blog entry yesterday about a collection of webbased backdoors including download. So as I said, it’s just an information and the only thing I can do is to say thank you to David for his work […]
Hi ,
This is good idea to collect them all together in one package.
But I guess you`ve missed “hacker_webkit” from OPEN-LABS.
it can be downloaded from http://open-labs.org/ .
based on their site :
===============
Pack of tools for doing pentest in a wide range webservers. Each module includes 3 components: Command execution, Directory + File navigation and File uploading. Current modules are: ASP, CFM, EXE, JSP, PHP, PL, SERVLET and SH.
btw , keep updating your great blog !
Hamid: Thanks for your comments and for letting me know about open-labs - darkraver is doing some good stuff over there. I must have a more indepth look later.
I had a brief look at the hacker_webkit and it looks quite good; however, I am hoping that wbc will grow into a test framework at some point; bypassing anti-virus filters, reverse shells etc. A bit more then just basic shells; even though that is what it is at the moment.
Why not add some File-Manager Backdoors ?
A web-based shell for asp.net : cmd.aspx
Several versions are available online, but this one doesn’t use a temporary file : http://xdiyer.uni.cc/?id=232
Nicob
[…] Operation n » Web Backdoor Compilation (tags: backdoor web hacking exploit php security tools crack) […]
[…] di supporto per evitare vulnerabilita’ all’interno dei propri sistemi. Vi rimando alla pagina del post originale in inglese per spiegazioni un po’ piu’ […]
Another web backdoor in perl I wrote some time ago is available at http://home.arcor.de/mschierlm/test/pmsh.pl (I don’t remember what the acronym pmsh was for).
It will require a Linux 2.6 server with CGI Perl support. It is a reverse backdoor that connects to a given IP and port. The special thing about it: It will allocate a pseudo terminal (pty) on the server and bind a shell to it - so if you connect it to (for example) putty, you can run all the nifty screen-based stuff like less or top in it (if those are present on the server, of course).
The code is not tested very well (used it once and it worked as expected) and hard-coding the IOCTL numbers is not very nice, but which webserver has perl headers for IOCTL numbers available…?
mihi
Hey,
I have a pair that I’ve collected and wanna contribute but I can’t seem to find your email. Anyway check out the c99 backdoor great for this type of stuff.
Cheers,
Ben
Ben,
Submissions are always welcome buddy. You can email them to david.kierznowski_at_gmail.com.
Thanks for the feedback.
Nice repository Dave!
There have been some cool features suggested here. A couple more I’ve heard people suggest are:
- Restrict the source IP addresses that can use the shell (to stop others abusing your backdoor).
- For the shell to delete itself if it is run after a given date (lest we forget which systems we’ve backdoored!)
Mark, WBCv2 is definately going to include these features or something along these lines. Ta for the suggestion buddy.
check out http://php.spb.ru/remview/
[…] year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the […]
[…] A voir sur le site perso de M. Daw : Web-Backdoor-Compilation […]
I was inspired by the idea of getting a proper reverse shell back. I’ve implemented this in PERL and PHP along with a couple of the other suggestions made above:
http://pentestmonkey.net/tools/perl-reverse-shell/
http://pentestmonkey.net/tools/php-reverse-shell/
Please feel free to reuse the code while improving some of the backdoors scripts already submitted.
Keep up the good work, Dave.
I was thinking about how to get an interactive shell on a webserver that allows uploads, but has a Firewall that is filtering inbound and outbound connections. It turns out that PHP scripts inherit file handles from Apache, so you can simply attach a shell to the existing TCP connection between browser and web server. Here’s a POC:
http://pentestmonkey.net/tools/php-findsock-shell/
It would be cool to add more “Findsock Shells” to the Web Backdoor Compilation. I’m not sure whether it’s possible to write similar code for web servers using PERL, ASP, ASPX, etc. Maybe some of your readers will have more of an idea.
Un coup d’oeil dans le rétro……
Cette nuit, nous allons fêter la nouvelle année (ou pas). Et peut-être nous laisser aller à quelques bonnes résolutions. Et probablement jeter un regard sur cette année 2007 qui vient de s’écouler. L’effet nostalgie du nouvel an……
Check out http://r57.li ..there is a nice collection.
WARNiNG: The r57 shell is backdoored…