Shell / Backdoor - Detection & Security // Web Script Club

Captainyarimca

New member
15 Nov 2020
23
2
kocaeli
WordPress is by far the most popular Content Management System (CMS). This popularity is mainly due to the excellent customization offered by themes and extensions.

Shell

A shell can be written in any language supported by the target web server. Most common shells are written in widely supported languages such as PHP and ASP. Perl, Python, Ruby, and Unix shell scripts are also used.

Backdoor

A backdoor is a piece of code or a mechanism specifically designed to provide an access point to a site or system. When malicious code runs on a system, the door opens, bypassing normal authentication. These vulnerabilities, "doors", can be very different depending on the target system or site.

- It may be that network ports on the server are opened to connect to later.
- It may be authorized through a specific link.
- It can be a backdoor shell, offering a variety of tools to take control of the remote machine.
- It can be a default password that provides the given privileges.
- It can be a secret decryption key used to decrypt confidential communications.

Using network discovery tools, a competitor can identify vulnerabilities. For example, these vulnerabilities can be found in content management systems (CMS) or web server software.

Once the installation is successful, the competitor can use the web shell to escalate privileges and take advantage of other operating techniques to issue commands remotely. These commands relate directly to the privileges and features available on the web server and may include the ability to add, execute, and delete files, execute shell commands, and run additional executable files or scripts.

What Are The Common Methods Used To Run Web Shell Exploit?

Web shells can be delivered through a number of web application exploits or configuration weaknesses. These weaknesses include:

SQL injection
On-site script
Vulnerabilities in WordPress apps / services
WordPress file processing vulnerabilities (for example, download filter or assigned permissions)
Remote files (RFI) and local files (LFI), including WordPress vulnerabilities
Open management interfaces (likely areas to find the above mentioned vulnerabilities).

WSO


Competitors often choose web shells such as China Chopper, WSO, C99, and B374K. These web shells are:

China Chopper - A small web shell with its features. It has a variety of command and control features, including a password and brute force feature.
WSO - stands for "orb by Web Shell" and can be shown as an error page with a hidden login form.
C99 - A WSO shell version with additional features. It can view server security measures and includes a self-delete feature.
B374K - A PHP-based web shell with common features such as process visualization and command execution.

What Makes the WSO So Special?

Password protection
Server information disclosure
File management features such as downloading, downloading or editing files, indexing, browsing directories, and searching for text in files
Command Line Console
Database management
Running PHP code
Encoding and decoding the text input
Brute force attacks against FTP or database servers
Installing a Perl script to act as a more direct backdoor on the server

How to find a Web shell or Backdoor on the server?

A backdoor script can be called from a browser like any other web page. It provides its users with a web interface where the hacker can upload, download, view or modify files, create directories, and manage the site, using PHP's ability to read and write files and to pass system commands to the operating system.

Backdoors can be difficult to find because they are usually hidden in files that are part of the site, or they are uploaded as new files with innocent names, often placed in a directory containing a large number of files.

To find a backdoor script or backdoor, you can use various plugins, software, and sites, or work with white-hat hackers.

Tips for Installing Web Shell & Backdoor and Avoiding Vulnerabilities:

Authentication for uploading files
Store uploaded files in an inaccessible ******** on the server
Evaluate or add uploaded data
Shuffling uploaded filenames and extensions (changing to encrypted filename)
Define valid file types that users are allowed to upload
Perform regular updates to applications and host operating system to protect against known vulnerabilities
Control the creation and execution of files in specific directories
A custom proxy address or an alternative service such as mod_security to limit the URL paths that can be accessed to known legitimate addresses
Create and save a "good" version of the affected server and a regular change management policy offline to track changes in server content.
Using user login validation to limit local and remote file attachment vulnerabilities
Scanning systems and applications for vulnerabilities to identify risk areas
Deploy firewalls and run regular virus signature checks.

source: https://www.turkhackteam.org/web-se...door-tespiti-guvenligi-web-script-kulubu.html
translator: Captainyarimca
 
Edited by moderator:
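The post's "How to find a Web shell or Backdoor on the server?" section says backdoors hide among legitimate files or sit in crowded directories under innocent names. The following added example (not from the original post or its source) is one way a defender can triage a web root for that: it walks the tree, applies a few heuristic regexes for idioms shared by shells like WSO and C99 (obfuscated eval chains, request parameters passed straight into command execution), and separately flags any executable PHP placed inside an uploads directory. The indicator list and the constructed sample tree are assumptions for illustration; real scans need tuning against false positives.

```python
import re
import tempfile
from pathlib import Path

# Heuristic web-shell indicators (name, regex): obfuscated eval chains and request
# parameters fed straight to command execution, idioms shared by WSO, C99 and similar.
INDICATORS = [
    ("obfuscated_eval",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)),
    ("cmd_from_request",
     re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I)),
    ("variable_function_from_request",
     re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I)),
]
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}

def scan_file(path, root):
    """Return the indicator names that fire on one PHP file under the web root."""
    src = path.read_text(encoding="utf-8", errors="ignore")
    hits = [name for name, rx in INDICATORS if rx.search(src)]
    # Executable PHP inside an uploads directory is suspicious whatever it contains.
    if "uploads" in path.relative_to(root).parts:
        hits.append("php_in_uploads_dir")
    return hits

def scan_tree(root):
    """Walk a web root; return {relative_posix_path: [indicators]} for files with hits."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_EXT:
            hits = scan_file(path, root)
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings

def demo():
    """Scan a constructed WordPress-like tree (sample files, not real malware)."""
    samples = {
        "wp-content/themes/demo/functions.php": "<?php function demo_setup() { add_action('init', 'x'); }",
        "wp-content/uploads/2020/11/image.php": "<?php @eval(base64_decode($_POST['x']));",
        "wp-includes/cache.php": "<?php $f = $_GET['f']; system($_GET['cmd']);",
    }
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel, src in samples.items():
        target = root.joinpath(*rel.split("/"))
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(src, encoding="utf-8")
    return scan_tree(root)
```

Pair the content heuristics with the post's "known good" baseline idea: diffing the tree against a clean copy catches shells that these regexes miss.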
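The tips list at the end of the post asks for an allow-list of upload types, random filenames and extensions, and storage in a location the web server does not serve. As an added example (Python for illustration, not WordPress or any project's own code), this upload handler applies those three tips together: it checks the extension against an allow-list, checks the leading bytes against what that type must carry, rejects content carrying embedded script tags, and writes the file under a random name with O_EXCL and non-executable permissions. The allow-list and the constructed uploads are assumptions; the temporary directory stands in for a path outside the web root.

```python
import os
import secrets
import tempfile

# Allow-list of upload types: extension -> leading bytes the content must carry.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
}

def check_upload(filename, data):
    """Return the validated extension, or raise ValueError with the reason."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: {ext!r}")
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise ValueError("content does not match declared type")
    if b"<?php" in data.lower() or b"<script" in data.lower():
        raise ValueError("embedded script in upload")
    return ext

def store_upload(filename, data, store_root):
    """Validate, then write under a random name; returns the stored path."""
    ext = check_upload(filename, data)
    # The client-supplied name (and any double extension) never reaches disk.
    path = os.path.join(store_root, f"{secrets.token_hex(16)}.{ext}")
    # O_EXCL: never overwrite an existing file; 0o640: not executable, not world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def demo():
    """Push constructed uploads through the checks; returns {name: outcome}."""
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + bytes(16),
        "shell.php": b"<?php echo 'hi'; ?>",
        "shell.php.png": b"<?php echo 'hi'; ?>",
        "wrapped.jpg": b"\xff\xd8\xff" + b"<?php echo 'hi'; ?>",
    }
    store_root = tempfile.mkdtemp(prefix="uploads-")  # stands in for a dir outside the web root
    results = {}
    for name, data in samples.items():
        try:
            store_upload(name, data, store_root)
            results[name] = "stored"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results
```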

Exsaa

New member
12 Mar 2023
1
0
+