Security Training Share
PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web...
PHP malware finder does it is very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected: Best PHP Obfuscator...
Introduce WeBaCoo – Web Backdoor Cookie Script-Kit. aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool to maintain access to a compromised web...
ShellComm is a simple interactive CLI remote shell communicator. Sometimes, during a pentest, you get to upload a shell but you can’t upload a heavy, complex one for whatever reason. In those situations, you can...
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%....
File upload vulnerability is when the user uploads an executable script file, and through the script file to obtain the ability to execute server-side commands. This attack is the most direct and effective, and...
View the access log See if there’s a file upload (POST method): IPREMOVED – – [01/Mar/2013:06:16:48 -0600] “POST/uploads/monthly_10_2012/view.php HTTP/1.1” 200 36 “-” “Mozilla/5.0” IPREMOVED – – [01/Mar/2013:06:12:58 -0600] “POST/public/style_images/master/profile/blog.php HTTP/1.1” 200 36 “-” “Mozilla/5.0″...
Normally, you often write webshell that includes numbers and letter like below: For bypass WAF, you can use some techniques to re-write your webshell. Idea First, clear ideas. My core idea is to non-letter,...
ShellStack is a PHP based backdoor management tool. This Tool comes handy for “HACKERS” who wish to keep a track of every website they hack. The tool generates a backdoor file which you just...
snodew is a PHP reverse shell backdoor which uses a small suid binary to escalate privileges on connection snodew is made mainly to work alongside vlany but can also be setup as a regular root backdoor....
