Menu

SecurityNotFound – 404 Page Not Found Webshell

Comments Off on SecurityNotFound – 404 Page Not Found Webshell

404 Page Not Found Webshell

Clone or download the project:

git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound
cd SecurityNotFound

📦 “Installation”

The src/404.php file should be located on the target server.

That server must have the ability to execute .php files.

Here is an example of some of the most common routes on which servers are located:

# 🏁 Windows (Xampp)
C:\Xampp\htdocs\

# 🐧 Linux
/var/www/html/

⚠️ Obviously, you and I know that you have legitimate access to that server.

🚪 Access Granted!

Now, you can access it through the browser:

https://www.target.com/404.php

 

 

💡 You can replace the server 404 error template to access from any invalid URL.

To access the control panel, press TAB key or search the password field using your browser’s tools.

 

 

The default password is: cosasdepuma.

🥚 You can leave the $passphrase variable in the script as an empty string to directly access the control panel. If it is your intention, you have lost my respect.

🔒 To set a custom value, insert your password into the $passphrase variable after applying the MD5 algorithm three consecutive times.

☸️ Control Panel

PHP-Webshells

Banner

FunctionShown in the picture
Current userroot
KernelLinux
Release4.9.0-7-AMD64
Exit Button

🔖 You can also log out using the exit parameter in a GET request.

Buttons

NameFunction
PHPINFOShows phpinfo(); page.
EXPLOIT-DBSearches for kernel-compatible exploits in exploit-db.com.
GEOLOCATEIt shows approximately in Google Maps the place where the server is physically located.
SELF-REMOVEThe shell deletes itself from the server.

📜 Log Footprints

# of lines in access.logAction
1Access without logging in
1Access with the session already started
2Log in
2Log out
2Execute a command through the console
1Button: PHPINFO
0Button: EXPLOIT-DB
0Button: GEOLOCATE
2Button: SELF-REMOVE
1Problem: favicon.ico
Weevely – Weaponized Web Shell

📝 TO-DO

  • Roadmap
  • Some marketing
  • Contribution Template
  • Fix Self-Remove (Linux)
  • Prevent favicon.ico request
  • Add “Thanx & Refs” in ReadMe
  • Buttons to external page in new tab

You can read more about the developer and securitynotfound here – https://github.com/CosasDePuma/SecurityNotFound

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Menu
Live Chat
RESOURCES
Menu
Get Started
TOOLBOX
Menu
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Do NOT follow this link or you will be banned from the site!