Thread Closed
[Share] detecting backdoors in a website
#1
Okay, I want to share a tool, hopefully not a repost. This tool is useful for finding shell backdoors planted by an attacker; download the source at > http://www.4shared.com/office/gzi-fGkj/finder.html

To use it, just upload it via cPanel.

I haven't tried it myself yet, since I don't have a website. :D

That's all.

#2
What is it, bro? :D At least make it clear, bro, if it's meant to be a tutorial, or the mods will get angry :D. I've downloaded it. Here are the contents:
Code:
Loading modules, please wait..


****************
AUDIT : greatblo
****************

Downloading latest pattern set..
(147 patterns to search for)
Downloading latest versions set..

public_html/ permissions (0750) okay


Applications installed
----------------------
(* Most recent stable release)
WordPress CMS    3.2.1      GOOD      => /home/greatblo/public_html/guiltpill.com/
WordPress CMS    3.2.1      GOOD      => /home/greatblo/public_html/forexmarketings.com/

Malicious files
---------------
[Minimum required score: 5.0]
(Tue Jun 28 12:29:59 2011 : 0644) /home/greatblo/public_html/guiltpill.com/wp-content/themes/twentyten/lol.php [40.0] {Hidden,}
(Sun Jun 26 08:09:39 2011 : 0644) /home/greatblo/public_html/guiltpill.com/wp-content/plugins/suspend/suspend.php [12.0] {Hidden,}
(Wed May 25 08:36:56 2011 : 0644) /home/greatblo/public_html/forexmarketings.com/wp-content/themes/stock_news/header.php [19.9] {Hidden,}
(Sun Sep 19 02:05:24 2010 : 0644) /home/greatblo/public_html/forexmarketings.com/wp-content/plugins/WPShoppingPages/shoppingpages.php [39.8] {Hidden,}
(Tue Apr 26 09:55:03 2011 : 0644) /home/greatblo/public_html/forexmarketings.com/wp-content/plugins/amazon-showcase-wordpress-widget/log.php [144.9] {Webshell,FIND_1,HTPASSWD,BASH_HISTORY,HTTPD_CONF,VHOSTS_CONF,PROFTPD_CONF,PSYBNC_CONF,ETC_PASSWD,ETC_SHADOW,PERL_TMP_EXECUTION,}
(Sun Sep 19 02:05:22 2010 : 0644) /home/greatblo/public_html/forexmarketings.com/wp-content/plugins/WPRobot/general.php [20.0] {Hidden,}
(Sun Aug 28 22:38:27 2011 : 0644) /home/greatblo/public_html/foolproofmuscleformula.com/termsandconditions/conf.php [134.9] {FIND_1,HTPASSWD,BASH_HISTORY,HTTPD_CONF,VHOSTS_CONF,PROFTPD_CONF,PSYBNC_CONF,ETC_PASSWD,ETC_SHADOW,PERL_TMP_EXECUTION,}
(Sun Aug 28 22:37:07 2011 : 0644) /home/greatblo/public_html/easycashprofessor.com/contact/config.php [134.9] {FIND_1,HTPASSWD,BASH_HISTORY,HTTPD_CONF,VHOSTS_CONF,PROFTPD_CONF,PSYBNC_CONF,ETC_PASSWD,ETC_SHADOW,PERL_TMP_EXECUTION,}

FTP logins
----------

ControlPanel logins
-------------------
SOURCE             DATES
---------------    -----
BACKSTAGE          08/05/2011,08/07/2011,09/04/2011
110.159.150.23     09/04/2011 (23.150.159.110.tm-hsbb.tm.net.my)
110.159.250.14     08/06/2011,08/07/2011 (unknown)

Files modified/uploaded in last 24hrs
-------------------------------------
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/74becae417b26b87dfaaf50fd2ea33f4.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/7e1b0acd38cf65d6d12eede908bb0484.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/a53c27d3bd83645f2757a2878ed165fc.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/4697cc77bb4e702dc03fb7bdc34f2e92.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/48b2fb8dd0752a02d5550a4806fb0026.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/e97fb4200045b044d1ebc4cee5c070c7.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/9299f08feaad171ea69bd01d571cc993.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/8b2ba80cbdd4c491834eb62ccbe3c697.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/3fcab984f46607e927db96c4f6b1f0a5.cache
/home/greatblo/public_html/forexmarketings.com/automaticbacklinks_cache/d0b9fe6899a7729b95291a619470464c.cache

Currently running processes under audited user
----------------------------------------------
That looks like a "log" to me, not a tool. :(

#3
What is this, man?
What if the tool you gave us is itself a backdoor?

zzzzzzzz

#4
(08-13-2013, 07:11 AM)alkaaf Wrote: What is it, bro? :D At least make it clear, bro, if it's meant to be a tutorial, or the mods will get angry :D. I've downloaded it. Here are the contents:
Code:
[quoted log output omitted; identical to the output posted in #2]

Wow, just delete it then, bro =))

(08-13-2013, 09:05 AM)broo Wrote: What is this, man?
What if the tool you gave us is itself a backdoor?

zzzzzzzz

Heh, I'm not into web stuff, man.

#5
What is this?

#6
(08-14-2013, 12:38 PM)junior.riau18 Wrote: What is this?

Hehe, no idea, man. It looks like the log output of some application.

#7
Hmm, this is probably the result of running the tool... something like a screenshot of terminal output... try to find the original tool..... btw, where did OP get this from?
FOLLOW @DutaLinux
for more questions and sharing about security and Open Source only

#8
Well, if you want to check your server regularly, just do it manually.
But since nowadays many backdoors are encrypted, just adjust the pattern accordingly, e.g. base64_decode, or also things like exec, hack, port, etc.

Code:
root@xnod:~# grep -R "base64_decode" /var/www/

/var/www/joomla/bd.php:    @eval(gzinflate(base64_decode($james)));
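
The grep in #8 is the seed of what the tool output in #2 reports: a per-file score, the matching pattern tags, and files changed in the last 24 hours. Below is an added example in POSIX shell that does the same; it is not the tool linked in #1 and not code posted by any member of this thread. It builds a small constructed sample web root, scores each PHP file by a weighted list of suspicious constructs, prints the ones at or above a threshold, and lists files modified in the last day. The pattern list, the weights, the threshold of 5 and the sample file names are this example's own assumptions.

```shell
#!/bin/sh
# Added example for this thread, not the tool linked in #1 and not code posted by
# any member: a small POSIX-shell backdoor triage scan in the spirit of the grep in #8
# and the "Malicious files" / "Files modified in last 24hrs" sections of the log in #2.
# Pattern list, weights, threshold and sample file names are assumptions of this example.

# Build a constructed sample web root so the script runs offline: one clean theme
# file, one lightly obfuscated eval, one obfuscated shell that reads /etc/passwd.
make_sample_webroot() {
    root="$1"
    mkdir -p "$root/wp-content/themes/sample" "$root/wp-content/plugins/sample"
    cat > "$root/wp-content/themes/sample/header.php" <<'EOF'
<?php get_header(); wp_head(); ?>
EOF
    cat > "$root/wp-content/plugins/sample/suspend.php" <<'EOF'
<?php $c = str_rot13($_REQUEST['c']); eval($c); ?>
EOF
    cat > "$root/wp-content/plugins/sample/log.php" <<'EOF'
<?php $james = "H4sI..."; @eval(gzinflate(base64_decode($james))); system("cat /etc/passwd"); ?>
EOF
}

# Score one file: each suspicious construct present adds its weight once and its
# name to the tag list. Weights are arbitrary choices for this example; legitimate
# code also uses base64_decode and friends, so the score is a triage aid, not a verdict.
score_file() {
    f="$1"; score=0; tags=""
    for entry in 'base64_decode:5' 'gzinflate:5' 'str_rot13:3' 'eval(:10' \
                 'system(:10' 'shell_exec(:10' 'passthru(:10' 'popen(:5' \
                 '/etc/passwd:10' '/etc/shadow:10' '$_REQUEST:2'; do
        pat="${entry%:*}"; w="${entry##*:}"
        if grep -qF -- "$pat" "$f" 2>/dev/null; then
            score=$((score + w)); tags="$tags${pat%(},"
        fi
    done
    printf '%s\t%s\t{%s}\n' "$score" "$f" "$tags"
}

# Scan every .php file under a web root and print those at or above the threshold,
# highest score first, one per line: "<score><tab><path><tab>{tags}".
scan_webroot() {
    root="$1"; min="${2:-5}"
    find "$root" -type f -name '*.php' | while IFS= read -r f; do
        score_file "$f"
    done | awk -F'\t' -v min="$min" '$1 + 0 >= min + 0' | sort -nr
}

# Files changed in the last 24 hours, like the last section of the tool's log
# (find -mtime -1 is POSIX, unlike -mmin).
recent_files() {
    find "$1" -type f -mtime -1
}

# Stand-alone run: scan the directory given as $1, or the constructed sample web root.
WEBROOT="${1:-$(mktemp -d)}"
[ -n "$1" ] || make_sample_webroot "$WEBROOT"
echo "Malicious files (minimum score 5)"
scan_webroot "$WEBROOT" 5
echo "Files modified/uploaded in last 24hrs"
recent_files "$WEBROOT"
```

Run it as `sh scan.sh /home/user/public_html` to scan a real tree; with no argument it scans the constructed sample and flags log.php (score 40) and suspend.php (score 15) while leaving header.php out. Review every hit by hand before deleting anything, and check the modification times against the control panel and FTP login dates, as the tool's log does, since a file planted months ago will not show in the 24-hour list.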

#9
I got it from here, man -_- >> http://www.boeimcyber.com/2011/11/tool-mencari-shellbackdoor-di-website.html

#10
What is this content -_-
Next time look at the content first, man, before sharing it with people :D

