03-13-2014, 11:32 AM
If you know what a shell is, you know what this is. I won't explain this too much since we don't need to really go over this, another thread, another time.
If you plan on setting up a backdoor on a website, you need to be able to operate unknown, without people knowing. Here's two ways you can keep your backdoor under the radar.
First off is probably the most known way, password (and username) protect it.
Your target may somehow wonder off into the depths of their site, and find, what do you know, your backdoor. If you plan on keeping them how, here's an easy way how.
Setup an account of a sort. Just use this PHP script.
Then, just have your shell echo a prompt/login page, this will keep the owner, and everyone else, out of your backdoor. I won't teach you how to do this, you have to figure it out on your own.
Pros:
Cons:
Next, we have the Anti-Crawler. This is simple, all you have to do is implement it into your PHP file.
That just denies the bots from seeing your backdoor. At first, it seems useless, but if you really know how much these crawler bots mean, you'll be first in line to add this to your backdoor. I only provided two bots, there are many more. In the code, I called the bots "crawlingLittleBitches". Probably not the best title for them, but hey, works for me. Even though I've never made a backdoor.
These are only two ways to improve your backdoor/shell's privacy, you can do so much more. But I won't go that far since this is a simple thread.
Good luck and all the shit.
If you plan on setting up a backdoor on a website, you need to be able to operate unknown, without people knowing. Here's two ways you can keep your backdoor under the radar.
First off is probably the most known way, password (and username) protect it.
Your target may somehow wonder off into the depths of their site, and find, what do you know, your backdoor. If you plan on keeping them how, here's an easy way how.
Setup an account of a sort. Just use this PHP script.
PHP Code:
$username = "sheller"
$password = "wowsuchshellpasswordfeg123"
Then, just have your shell echo a prompt/login page, this will keep the owner, and everyone else, out of your backdoor. I won't teach you how to do this, you have to figure it out on your own.
Pros:
- Keep unwanted visitors out.
Cons:
- Admin of the site will think it's "fishy" since they can't login with their cresidentials.
- Login page can still be viewed.
Next, we have the Anti-Crawler. This is simple, all you have to do is implement it into your PHP file.
PHP Code:
if(!empty($_SERVER['HTTP_USER_AGENT']))
{
$crawlingLittleBitches = array("Google","MSNbot");
if(preg_match('/' . implode('|', $crawlingLittleBitches) . '/i', $_SERVER['HTTP_USER_AGENT']))
{
header('HTTP/1.0 404 Not Found');
exit;
}
}
That just denies the bots from seeing your backdoor. At first, it seems useless, but if you really know how much these crawler bots mean, you'll be first in line to add this to your backdoor. I only provided two bots, there are many more. In the code, I called the bots "crawlingLittleBitches". Probably not the best title for them, but hey, works for me. Even though I've never made a backdoor.
These are only two ways to improve your backdoor/shell's privacy, you can do so much more. But I won't go that far since this is a simple thread.
Good luck and all the shit.