So, after Fex13 posted a backdoored php web shell here yesterday (https://forum.intern0t.org/general-h...s-serious.html), I wanted to check how many other web shells I could find on packet storm security that were backdoored in some way that would let the author know when/if and where it is used. (My time window was a couple of hours, as I had to analyze every one of them.)
Early Results
I studied around 6 PHP shells where 4 of them had some or several backdoors included. The "bad list" is as follows:
http://packetstormsecurity.com/files...Shell-2.0.html
http://packetstormsecurity.com/files...-Backdoor.html
http://packetstormsecurity.com/files...hell-1.10.html
http://packetstormsecurity.com/files...ass-Shell.html
read more..........https://forum.intern0t.org/general-hacking-discussions/4766-backdoored-php-web-shells-why-you-dont-just-use-any-hacking-tool.html
Early Results
I studied around 6 PHP shells where 4 of them had some or several backdoors included. The "bad list" is as follows:
http://packetstormsecurity.com/files...Shell-2.0.html
http://packetstormsecurity.com/files...-Backdoor.html
http://packetstormsecurity.com/files...hell-1.10.html
http://packetstormsecurity.com/files...ass-Shell.html
read more..........https://forum.intern0t.org/general-hacking-discussions/4766-backdoored-php-web-shells-why-you-dont-just-use-any-hacking-tool.html