Category Archives: Webshells & Backdoor Information

BLACKHAT BLACK HAT 2016 USA VEGAS BRIEFING – HORSE PILL: A NEW TYPE OF LINUX ROOTKIT

HORSE PILL: A NEW TYPE OF LINUX ROOTKIT
Michael Leibowitz | Senior Trouble Maker, Intel
Location: South Seas CDF
Date: Thursday, August 4 | 12:10pm-1:00pm
Format: 50 Minute Briefing
Tracks: Malware; Platform Security: VM, OS, Host and Container

What if we took the underlying technical elements of Linux containers and used them for evil? The result a…

Detecting Webshell Backdoors on your Webservers Strings Indicators

Here are some strings pulled mostly from headers and other key pieces of the webshells, for use in detection. You can search your network for these strings or write simple rules that match these patterns to find webshells on your network.

//Starting calls
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}…

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 3

********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER…

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 2

Sure enough, webshells were just as easy to find as DoS scripts on hacked webservers. The most common webshell that I found was the C99 or C999 or R57 (modified by everyone), but the code is the same. I located 54 of those; 21 had full root access, meaning people are still running apache as…

*FOR RESEARCH* How Easy is it to find Webshells and basically have Root/Admin or User Level Access without “Hacking” Anything – PART 1

********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER WAY –…