Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
June 15, 2024
 Members List
 IRC chat
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 Sql Char Encoder
 y3dips ITsec
 Md5 Cracker
 User Manuals
 Recommend Us
 Your Account

User Info
Welcome, Anonymous

Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 420
Members: 0
Total: 420
PacketStorm News
·301 Moved Permanently

Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Php -> Made a encrypted cgi proxy / raw http test tool / php-shell
Post new topic  Reply to topic View previous topic :: View next topic 
Made a encrypted cgi proxy / raw http test tool / php-shell
PostPosted: Fri Oct 05, 2007 12:09 pm Reply with quote
Valuable expert
Valuable expert
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden


I happened to read once here about Waraxe describing how a good php shell should be like. I had similar ideas at the time, but my script was half done / and originally meant private use. Then i thought i will clean the code a bit and make the thing a little more comfortable and release it to you guys too. I have to warn that this is not a beginners tool or a bug free one.

But i think it might still prove useful.
If you happen to make useful additions then feel free to let know and i will add them.


And a little more info.

PlainShell is a encrypted cgi proxy tunnel / HTTP test tool / administration tool ( backdoor-shell Wink ) written in PHP.
Its main features are:
It lets you surf (regularily or with raw http requests) the net through one or several webservers while encrypting the traffic between the first and last proxy. You can also see raw http response headers. Encryption is of RSA 32 - 2048 bit. It uses Diffie-Hellmans key exchange to establish a secure tunnel between all proxy hosts. Since it has to deal with big integers it requires GMP library to be loaded into php, and because of that it is also possible to turn encryption off. The first proxy host (browser.php) is the script that contains all the code, the possible second proxy hosts only run a small ~20 line script (link.php) which runs the code that is sent run-time from the first proxy. The communication is recursive so link.php can contact next link2.php which also can send code for execution forward. The encryption and decryption code is also sent over network and executed in a small "backdoor" script. The private and public keys (unfortunately) are saved (script rewrites itself to contain keys) in link.php because of the HTTP-s nature. (the client and browser cant exchange information more then once in a same script). When a web request is made through the proxy tunnel(s) then none of the addresses are saved in link.php scripts. So the addresses are saved on-the-need to basis. so when we have Your-Web-Browse -> browser.php -> link.php -> link2.php -> www.google.com sort of communication then link2.php wouldnt know the address of browser.php. The proxy list itself is encrypted when sent. And at last you can run your custom PHP script within all proxy hosts (including browser.php). browser.php and link.php can be renamed. "

AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu Oct 18, 2007 12:28 pm Reply with quote
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Nice work, Heintz! Seems serious tool Smile
View user's profile Send private message Send e-mail Visit poster's website
Made a encrypted cgi proxy / raw http test tool / php-shell
  www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

 Post new topic  Reply to topic  

Powered by phpBB 2001-2008 phpBB Group

Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.112 Seconds