hack3core Posted November 25, 2013 Share Posted November 25, 2013 Okay, you have written a cool PHP shell exploiting a zero day buffer overflow in PHP to bypass possible security setups, but you have a small issue... How to keep the source from leaking? This tutorial will help you to encrypt your shell so it will be extremely difficult for people to steal your shell, even if they gained access to the file itself. So, lets start. Lets say, I want to secure my highly private PHP shell that uses zero day system function. This is the hidden content, please Sign In or Sign Up Ok, here we have the shell. Lets encrypt it, passphrase being loldongs. (We want to remove the <? from the shell before we do this, and properly escape everything.) This is the hidden content, please Sign In or Sign Up Run this PHP script, it should return something like This is the hidden content, please Sign In or Sign Up This is your shell encrypted. Now, lets make the final shell file that you will upload to server. This is the hidden content, please Sign In or Sign Up After you have that done, just create a cookie called SHELLPASS with its value being your shells password, in my case loldongs. Now nobody will be able to steal your shell without logging your cookie with the shell password. A quick disclaimer: This is encryption, not obfuscation. If you lose the passphrase, your shell will be 100% unusable and unrecoverable. Link to comment Share on other sites More sharing options...
Recommended Posts