Category: Web Hacking

After read and learn about non-alphanumeric code in php, i decide to write my own non-alphanumeric PHP simple backdoor. well, it’s a quite simple script, just a XOR function over strings. By XOR-ing “<>/” with “{” we have “GET” string as the result. Put the result in one-liner code execution and done. Another version with […]

Ever think to gain access to your backdoor undetected? Well, maybe not all web administrators examine their php files? Weevely is the answer. Just follow these actions (I was doing this on Backtrack 5): Where: -p = your password to access the backdoor -g = generate a new encrypted php file (it doesn’t actually encrypt […]

Facing a tomcat server.. and need to upload a WAR backdoor…??, well… we can create a WAR backdoor very easily with Metasploit, ok follow this steps: 1. Creating the backdoor. it will create a WAR file contain a random name for jsp backdoor file 2. Upload the WAR file. 3. Use netcat to listen for […]

Two days ago, I tried to do some research with web application security. My main focus is targeting the upload feature of a website. Many website today using upload feature to interact with their user, for example on a job searcher website or educational website. From several trials that I’ve done with some website, almost […]

By using Beautiful Soup, we can change the code as seen at the previous post to the code below… and it even works much better… just by changing the regex function, it return a better result :

ModSecurity is a good starting point to secure your web site. OWASP provides the core rule set (CRS) for ModSecurity rules against the most critical web application attack. From OWASP: ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and […]