In this post we are going to search with Google, servers that have been compromised and they are hosting a webshell.
The most common method to upload a webshell to a server is RFI (Remote File Inclusion). RFI is a vulnerability that allows an attacker to upload a remote file like a script or webshell.
With a webshell, you can manage the server, read/create/remove files/upload files, execute commands on the remote server...
The common webshells are c99.php, c100.php, r57.php...
You can find servers hosting this webshells with the next google dorks
* Note that some links don't contain webshells because administrators have removed the shell from their servers or the webmaster are using black SEO.
inurl:"c99.php/" "uname -a"
inurl:"b374k.php/"
inurl:"c100.php" "uname -a"
inurl:r57.php
Subscribe to:
Post Comments (Atom)
About Me
Popular Posts
-
When I was writing Using robots.txt to locate your targets , I felt the necessity of developing a tool to make automatic the task of auditi...
-
Introduction Wordpress is the CMS most used Worldwide. According to w3techs.com WordPress is used by 61.1% of all the websites whose con...
-
Kippo features A few months ago I could get access to a SSH Honeypot called Kippo. Kippo is designed to log SSH brute force attacks and ...
-
Some months ago, I participated in something like a "Hacker Competition" to get a job in a CERT. One of the tests consisted of g...
-
In this post I'm going to talk about Volatility. Volatility is one of the best tools for memory forensics. It is an open source frame...
Behind The Firewalls. Powered by Blogger.
0 comments:
Post a Comment