Tutorial PHP

Www.Hackinng.Ro
Totul despre Hacking !!!

Lista Forumurilor Pe Tematici

Www.Hackinng.Ro | Inregistrare | Login

POZE WWW.HACKINNG.RO

Nu sunteti logat.

Nou pe simpatie:
just_iulia la Simpatie.ro

Femeie
25 ani
Giurgiu
cauta Barbat
26 - 48 ani

Www.Hackinng.Ro / Hacking-ul nostru cel de toate zilele / [Tutorial]PHP

Autor

Mesaj

Pagini: 1

air_g3org3
Administrator

Inregistrat: acum 14 ani
Postari: 734

Accest limbaj de programare pare inofensiv .. ma rog asa zice lumea dar eu unu il folosesc in multe cazuri si ma ajuta ff mult
Link sa invatazi ...

aici un Exemplu ce se poate face cu ell .. este un simplu backdoor
<?php
$user = "daemon";
$script_name = "uid"; //numele scriptului

/////////////////////////////////////////////
//incercam sa creiem un socket daca nu ee root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user $user\n";
$uid_name = posix_getpwnam($user);
$uid_name = $uid_name['uid'];

if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You are NOT root and created a socket! This should not happen!\n";
} else {
echo "ERROR: socket_create() failed because you're not root!\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name"

;
echo "Current process stats::-->\t $show_process";
} else {
exit("ERROR: seteuid($uid_name) failed!\n"

;
}

/////////////////////////////////////////////
//acuma incercam sa creiem un socket ca root
echo "\n__________________________________________\n";
echo "Trying to start a socket as user 'root'\n";
if(posix_seteuid(0)) // 0 inseamna sa fii root //
{
echo "SUCCESS: You are now root!\n";
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name"

;
echo "Current process stats::-->\t $show_process";
if($socket = @socket_create(AF_INET, SOCK_RAW, 1))
{
echo "SUCCESS: You created a socket as root and now should seteuid() to another user\n";
/////////////////////////////////////////
//acuma modificam socketu pt alt user
echo "\n__________________________________________\n";
echo "Switching to user $user\n";
if(posix_seteuid($uid_name))
{
echo "SUCCESS: You are now $user!\n";
if(socket_bind($socket, 0, 7410))
{
echo "SUCCESS: socket_bind() worked as $user!\n";
} else {
echo "ERROR: Must be root to user socket_bind()\n";
}
$show_process = shell_exec("ps aux | grep -v grep | grep $script_name"

;
echo "Current process stats::-->\t $show_process";
socket_close($socket); //hard to error check but it does close as this user
echo "SUCCESS: You closed the socket as user $user!\n";
} else {
echo "ERROR: seteuid($uid_name) failed while socket was open!\n";
}

} else {
echo "ERROR: Socket failed for some reason!\n";
}
} else {
exit("ERROR: Changing to root failed!\n"

;
}
?>

"Ce inseamna un backdoor:
deci un backdoor este ca si o usita de rezerva in cazul in care cel pricipal este inchis
asta va poate ajuta cand ati crackuit\hackuit un server sa il aveti mereu chiar daca metoda prin care ati crackuito a fost detectata ... sper sa va fie de folos"

_______________________________________
Pot patrunde in orice sistem informatic si pot fura orice date. Pot sa ma uit in computerul tau si nici macar n-o sa stii ca am fost acolo…

pus acum 14 ani

Pagini: 1

Mergi la