RegisterLogin

Information

For your security
Never give out any banking or other information that is considered personal anywhere on the site.


Warning



The information herein is for educational purposes only and the reader is reminded that hacking a computer system is illegal in many countries and the responsibility lies with the person performing the hack.


Threat on servers



Is antivirus necessary on a server? or even a Linux or BSD based server?
Linux or BSD are known to be extremely reliable systems, but there are strategies for attempting a hack.
Typically, a server hosts listening services ready to respond to user requests, and many of these strategies are geared toward forcing these services to perform unintended actions.


Server web



On this page we will show a possible situation of an http/https server (known as a web server or server hosting a website).
There are many sites where it is possible to upload a file and if this is possible without additional controls it exposes the server to a serious cyber threat: web shell.


Web shells



Web shells aim to execute commands on the server, in Linux or BSD systems the most potentially dangerous commands are protected by administration passwords, but this does not make the server safe because:
1. there are commands that with execution privileges as a web server can delete, modify website files and thus this exposes website users to potential cyber, privacy or sensitive data acquisition threats.
2. even commands that require the administration password can be executed under circumstances that will not be examined on this page.


Web shells in PHP



PHP web shell examples are Nano, Shellmon.
It is characterized by the fact that the PHP system function is not inside the PHP script, but is inserted through the GET.
And this makes it harder for an antivirus to identify, plus you can modify the GET with the here equivalent in Unicode.

$_GET[f]($GET_[c]);

Example of script usage with ls command: Open http://SERVER_IP/nano.php?f=system&c=ls in browser and the result of the ls command will be shown


In this example we will run the list file (ls) command for illustrative purposes only, the command is executed by the operating system.


Explanation of nano script execution



PHP has a functions to execute system commands, one of them is the system function which is passed as a GET parameter.
Always through GET is passed the parameter of the function system that identifies the exact command to execute.

ADS
we are looking for sponsors, please contact us you may see your advertisement here








This site uses cookies.
Some of these cookies are essential, while others help us to improve your experience by providing insights into how the site is begin used.
For more detailed information on the cookies we use, please check our Privacy Policy
Necesary Cookies
Necessary cookies enable core functionality. The website cannot function properly without these cookies.
Analytical cookies help us to improve our website by collecting and reporting information on its usage.
Social Sharing Cookies
We use some social sharing plugins, to allow uou to share certain pages of our website on social mesia.
These plugins place cookies so that you can correctly view how many times a page has been readed