Tutorial PHP

Www.Show-Cs.Ro
Connect Show-Cs.Zapto.org !

Lista Forumurilor Pe Tematici

Www.Show-Cs.Ro | Inregistrare | Login

POZE WWW.SHOW-CS.RO

Nu sunteti logat.

Nou pe simpatie:
Cristina02

Femeie
24 ani
Arges
cauta Barbat
26 - 80 ani

Www.Show-Cs.Ro / Tutoriale / [Tutorial]PHP

Autor

Mesaj

Pagini: 1

air_g3org3
Administrator

Inregistrat: acum 15 ani
Postari: 228

Accest limbaj de programare pare inofensiv .. ma rog asa zice lumea dar eu unu il folosesc in multe cazuri si ma ajuta ff mult
Link sa invatazi ...

aici un Exemplu ce se poate face cu ell .. este un simplu backdoor

Code:

<?php
$user = "daemon";
$script_name = "uid"; //numele scriptului

/////////////////////////////////////////////
//incercam sa creiem un socket daca nu ee root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user $user\n";
$uid_name = posix_getpwnam($user);
$uid_name = $uid_name['uid'];

if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You are NOT root and created a socket! This should not happen!\n";
} else {
echo "ERROR: socket_create() failed because you're not root!\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
} else {
exit("ERROR: seteuid($uid_name) failed!\n");
}

/////////////////////////////////////////////
//acuma incercam sa creiem un socket ca root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user 'root'\n";
if(posix_seteuid(0)) // 0 inseamna sa fii root  //
{
echo "SUCCESS: You are now root!\n";
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You created a socket as root and now should seteuid() to another user\n";
/////////////////////////////////////////
//acuma modificam socketu pt alt user
echo "\n__________________________________________\n";
echo "Switching to user $user\n";
if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if(socket_bind($socket, 0, 7410))
{
echo "SUCCESS: socket_bind() worked as $user!\n";
} else {
echo "ERROR: Must be root to user socket_bind()\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name");
echo "Current process stats::-->\t $show_process";
socket_close($socket); //hard to error check but it does close as this user
echo "SUCCESS: You closed the socket as user $user!\n";
} else {
echo "ERROR: seteuid($uid_name) failed while socket was open!\n";
}

} else {
echo "ERROR: Socket failed for some reason!\n";
}
} else {
exit("ERROR: Changing to root failed!\n");
}
?>

"Ce inseamna un backdoor:
deci un backdoor este ca si o usita de rezerva in cazul in care cel pricipal este inchis
asta va poate ajuta cand ati crackuit\hackuit un server sa il aveti mereu chiar daca metoda prin care ati crackuito a fost detectata ... sper sa va fie de folos"

pus acum 15 ani

Pagini: 1

Mergi la