Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Friday, April 18, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 26
Guests Online: 25
Members Online: 1

Registered Members: 82828
Newest Member: uberscon
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Basic question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-05-08 16:05
Lets say that someone has programmed a basic PHP backdoor program, that allows arbitrary code to be executed on an infected web server. What would be the best method to implant the targetted web server with this PHP backdoor, that is, to get the PHP script to the server side without the knowledge of ssh/ftp passwords? Give me ideas.

-- Henux


Edited by on 15-05-08 16:23
Author

RE: Basic question

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-05-08 16:43
Hacking (if there is one) the only admin panel. This will probably involve these techniques:
-XSS
-Crawling (file-mapping)
-SQL Injection

If this doesn't work, try Remote File Inclusion, and include a php shell.

Then you could try some much-used SSH/FTP user/pass combinations.

If this doesn't work you're looking at exploiting an open service and hacking the whole server.




img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Basic question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 15-05-08 16:53
Thank you for your much detailed reply to my basic question.

-- Henux
Author

RE: Basic question


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-05-08 15:26
I see that I was rewarded with one negative community point by asking this kind of question. I understand my mistake and take a note out of it, and won't do it again.

Thank you.

-- Henux