Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
March 28, 2024
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 631
Members: 0
Total: 631
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Php -> Made a encrypted cgi proxy / raw http test tool / php-shell
Post new topic  Reply to topic View previous topic :: View next topic 
Made a encrypted cgi proxy / raw http test tool / php-shell
PostPosted: Fri Oct 05, 2007 12:09 pm Reply with quote
Heintz
Valuable expert
Valuable expert
 
Joined: Jun 12, 2004
Posts: 88
Location: Estonia/Sweden




Hi,

I happened to read once here about Waraxe describing how a good php shell should be like. I had similar ideas at the time, but my script was half done / and originally meant private use. Then i thought i will clean the code a bit and make the thing a little more comfortable and release it to you guys too. I have to warn that this is not a beginners tool or a bug free one.

But i think it might still prove useful.
If you happen to make useful additions then feel free to let know and i will add them.

http://www.plain-text.info/plainshell#download

And a little more info.
http://www.plain-text.info/plainshell
"
About:

PlainShell is a encrypted cgi proxy tunnel / HTTP test tool / administration tool ( backdoor-shell Wink ) written in PHP.
Its main features are:
It lets you surf (regularily or with raw http requests) the net through one or several webservers while encrypting the traffic between the first and last proxy. You can also see raw http response headers. Encryption is of RSA 32 - 2048 bit. It uses Diffie-Hellmans key exchange to establish a secure tunnel between all proxy hosts. Since it has to deal with big integers it requires GMP library to be loaded into php, and because of that it is also possible to turn encryption off. The first proxy host (browser.php) is the script that contains all the code, the possible second proxy hosts only run a small ~20 line script (link.php) which runs the code that is sent run-time from the first proxy. The communication is recursive so link.php can contact next link2.php which also can send code for execution forward. The encryption and decryption code is also sent over network and executed in a small "backdoor" script. The private and public keys (unfortunately) are saved (script rewrites itself to contain keys) in link.php because of the HTTP-s nature. (the client and browser cant exchange information more then once in a same script). When a web request is made through the proxy tunnel(s) then none of the addresses are saved in link.php scripts. So the addresses are saved on-the-need to basis. so when we have Your-Web-Browse -> browser.php -> link.php -> link2.php -> www.google.com sort of communication then link2.php wouldnt know the address of browser.php. The proxy list itself is encrypted when sent. And at last you can run your custom PHP script within all proxy hosts (including browser.php). browser.php and link.php can be renamed. "

_________________
AT 14:00 /EVERY:1 DHTTP /oindex.php www.waraxe.us:80 | FIND "SA#037" 1>Nul 2>&1 & IF ERRORLEVEL 0 "c:program filesApache.exe stop & DSAY alarmaaa!"
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu Oct 18, 2007 12:28 pm Reply with quote
waraxe
Site admin
Site admin
 
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Nice work, Heintz! Seems serious tool Smile
View user's profile Send private message Send e-mail Visit poster's website
Made a encrypted cgi proxy / raw http test tool / php-shell
  www.waraxe.us Forum Index -> Php
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB © 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.166 Seconds