Comments on: Web Backdoor Compilation

By: 3 Tips to Avoid Dangerous Themes and Plugins

3 Tips to Avoid Dangerous Themes and Plugins — Tue, 10 Feb 2009 02:10:31 +0000

[...] to test your Anti Virus out, there is an archive of backdoor web scripts (some which I wrote) on Michael Daw. I have used these a lot when testing various systems. When attempting to download the file, your [...]

By: Web Hacking | uNkn0wn.eu

Web Hacking | uNkn0wn.eu — Thu, 08 May 2008 13:09:34 +0000

[...] Web shells – this package has web shells for php, asp, jsp, cgi, cfm. You’ll never find a site vulnerable to rfi that you will not have the possibility to exploit. [...]

By: eSpy

eSpy — Sun, 13 Jan 2008 19:13:20 +0000

Check out http://r57.li ..there is a nice collection.

WARNiNG: The r57 shell is backdoored…

By: Ma petite parcelle d'Internet...

Ma petite parcelle d'Internet... — Mon, 31 Dec 2007 17:40:27 +0000

Un coup d’oeil dans le rétro……

Cette nuit, nous allons fêter la nouvelle année (ou pas). Et peut-être nous laisser aller à quelques bonnes résolutions. Et probablement jeter un regard sur cette année 2007 qui vient de s’écouler. L’effet nostalgie du nouvel an……

By: pentestmonkey

pentestmonkey — Mon, 03 Sep 2007 18:54:02 +0000

I was thinking about how to get an interactive shell on a webserver that allows uploads, but has a Firewall that is filtering inbound and outbound connections. It turns out that PHP scripts inherit file handles from Apache, so you can simply attach a shell to the existing TCP connection between browser and web server. Here’s a POC:

http://pentestmonkey.net/tools/php-findsock-shell/

It would be cool to add more “Findsock Shells” to the Web Backdoor Compilation. I’m not sure whether it’s possible to write similar code for web servers using PERL, ASP, ASPX, etc. Maybe some of your readers will have more of an idea.

By: pentestmonkey

pentestmonkey — Sun, 27 May 2007 11:22:14 +0000

I was inspired by the idea of getting a proper reverse shell back. I’ve implemented this in PERL and PHP along with a couple of the other suggestions made above:

http://pentestmonkey.net/tools/perl-reverse-shell/
http://pentestmonkey.net/tools/php-reverse-shell/

Please feel free to reuse the code while improving some of the backdoors scripts already submitted.

Keep up the good work, Dave.

By: My Info Blog » Une collection de BackDoors et de Shells pour serveurs web

My Info Blog » Une collection de BackDoors et de Shells pour serveurs web — Fri, 18 May 2007 14:31:34 +0000

[...] A voir sur le site perso de M. Daw : Web-Backdoor-Compilation [...]

By: Operation n » AVs prove less-effective

Operation n » AVs prove less-effective — Tue, 24 Apr 2007 23:38:47 +0000

[...] year I started working on the Web Backdoor Compilation (WBC). The idea behind the project was the [...]

By: jacob

jacob — Fri, 20 Apr 2007 20:01:02 +0000

check out http://php.spb.ru/remview/

By: David Kierznowski

David Kierznowski — Fri, 20 Apr 2007 19:37:53 +0000

Mark, WBCv2 is definately going to include these features or something along these lines. Ta for the suggestion buddy.