Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Basic question

  1. Home
  2. Forum
  3. Web hacking
  4. Basic question

ghost's Avatar

ghost

0 0

Lets say that someone has programmed a basic PHP backdoor program, that allows arbitrary code to be executed on an infected web server. What would be the best method to implant the targetted web server with this PHP backdoor, that is, to get the PHP script to the server side without the knowledge of ssh/ftp passwords? Give me ideas.

– Henux


spyware's Avatar

spyware

Banned
0 0

Hacking (if there is one) the only admin panel. This will probably involve these techniques: -XSS -Crawling (file-mapping) -SQL Injection

If this doesn't work, try Remote File Inclusion, and include a php shell.

Then you could try some much-used SSH/FTP user/pass combinations.

If this doesn't work you're looking at exploiting an open service and hacking the whole server.


ghost's Avatar

ghost

0 0

Thank you for your much detailed reply to my basic question.

– Henux


ghost's Avatar

ghost

0 0

I see that I was rewarded with one negative community point by asking this kind of question. I understand my mistake and take a note out of it, and won't do it again.

Thank you.

– Henux