• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • September
  • 30
  • SecurityNotFound – 404 Page Not Found Webshell

SecurityNotFound – 404 Page Not Found Webshell

September 30, 2019 Comments Off on SecurityNotFound – 404 Page Not Found Webshell
404 reverse shell security not found

404 Page Not Found Webshell

Clone or download the project:

git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound
cd SecurityNotFound

📦 “Installation”

The src/404.php file should be located on the target server.

That server must have the ability to execute .php files.

Here is an example of some of the most common routes on which servers are located:

# 🏁 Windows (Xampp)
C:\Xampp\htdocs\

# 🐧 Linux
/var/www/html/

⚠️ Obviously, you and I know that you have legitimate access to that server.

🚪 Access Granted!

Now, you can access it through the browser:

https://www.target.com/404.php

 

 

💡 You can replace the server 404 error template to access from any invalid URL.

To access the control panel, press TAB key or search the password field using your browser’s tools.

 

 

The default password is: cosasdepuma.

🥚 You can leave the $passphrase variable in the script as an empty string to directly access the control panel. If it is your intention, you have lost my respect.

🔒 To set a custom value, insert your password into the $passphrase variable after applying the MD5 algorithm three consecutive times.

☸️ Control Panel

PHP-Webshells

Banner

Function Shown in the picture
Current user root
Kernel Linux
Release 4.9.0-7-AMD64
Exit Button ⛔

🔖 You can also log out using the exit parameter in a GET request.

Buttons

Name Function
PHPINFO Shows phpinfo(); page.
EXPLOIT-DB Searches for kernel-compatible exploits in exploit-db.com.
GEOLOCATE It shows approximately in Google Maps the place where the server is physically located.
SELF-REMOVE The shell deletes itself from the server.

📜 Log Footprints

# of lines in access.log Action
1 Access without logging in
1 Access with the session already started
2 Log in
2 Log out
2 Execute a command through the console
1 Button: PHPINFO
0 Button: EXPLOIT-DB
0 Button: GEOLOCATE
2 Button: SELF-REMOVE
1 Problem: favicon.ico
Weevely – Weaponized Web Shell

📝 TO-DO

  • Roadmap
  • Some marketing
  • Contribution Template
  • Fix Self-Remove (Linux)
  • Prevent favicon.ico request
  • Add “Thanx & Refs” in ReadMe
  • Buttons to external page in new tab

You can read more about the developer and securitynotfound here – https://github.com/CosasDePuma/SecurityNotFound

Post navigation

Rebel Framework – Advanced and easy to use Penetration Testing Framework
Syhunt Community 6.7 – Web And Mobile Application Scanner

Related Articles

Koadic – C3 COM Command & Control – JScript RAT

- Backdoors, Payloads, Post Exploitation
July 24, 2019July 23, 2019

TrevorC2 – Command and Control via Legitimate Behavior over HTTP

- Backdoors, Hack Tools
March 25, 2019July 27, 2019

Androspy – Backdoor Crypter & Creator With Automatic IP Poisener

- Backdoors, Hack Tools
November 14, 2018July 27, 2019
hacker gadgets
hacker phone covers

Recent Posts

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Winevt_Logs_Analysis – Searching .Evtx Logs For Remote Connections

February 5, 2023
NJ Man Attempted to Hire a Hitman on the Dark Web

NJ Man Attempted to Hire a Hitman on the Dark Web

February 5, 2023
PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

PlumHound v1.5.1 releases: Bloodhound for Blue and Purple Teams

February 4, 2023
EAST - Extensible Azure Security Tool - Documentation

EAST – Extensible Azure Security Tool – Documentation

February 4, 2023
Dutchman Sold Counterfeit Banknotes on the Dark Web

Dutchman Sold Counterfeit Banknotes on the Dark Web

February 4, 2023
CVE-2023-22501: Critical Flaw in Atlassian Jira Service Management Server and Data Center

CVE-2023-22501: Critical Flaw in Atlassian Jira Service Management Server and Data Center

February 4, 2023

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs

About Us

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Join Our Community!

Please wait...
Get the latest News and Hacking Tools delivered to your inbox.
Don't Worry ! You will not be spammed

Active Members

Submit a Tool

Hackers Handbook 2018


Grab your copy here

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • LANC Remastered
  • PCPS IP Puller
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW