Wednesday, July 9, 2014

WeBaCoo (Web Backdoor Cookie)
#########################
WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit that aims to provide a stealthy, terminal-like connection over HTTP between a client and a web server. It is a post-exploitation tool for maintaining access to a compromised web server.

WeBaCoo was designed to operate under the radar of modern, up-to-date AV, NIDS, IPS, network firewalls and application firewalls, providing a stealthy mechanism for executing commands on the compromised server. The obfuscated communication is carried in the Cookie fields of the HTTP headers, within valid client HTTP requests and the corresponding web server responses.

The script-kit has two main operation modes: Generation and “Terminal”. In generation mode, the user creates the backdoor code containing the PHP payloads. In the remote “terminal” mode, the client connects to the compromised server where the backdoor PHP code has been injected. To establish the remote “pseudo”-shell, the user must provide the server’s URL path containing the injected code.
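
For defenders, a channel carried in Cookie fields tends to show up as cookie values that change on every request and response to a single URL, whereas session cookies stay stable. The following added example (not part of WeBaCoo or the original post) flags that pattern in web logs; the record layout, cookie names, paths, values and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed records: (client IP, URL path, request Cookie header,
# response Set-Cookie header). Names, paths and values are made up.
SAMPLE = [
    ("10.0.0.5", "/index.php", "PHPSESSID=9f2c1a7be4d04c11", ""),
    ("10.0.0.5", "/index.php", "PHPSESSID=9f2c1a7be4d04c11; theme=dark", ""),
    ("10.0.0.5", "/index.php", "PHPSESSID=9f2c1a7be4d04c11; theme=light", ""),
    ("10.0.0.9", "/uploads/t.php", "k1=constructed-opaque-req-0001",
     "k2=constructed-opaque-resp-0001; path=/"),
    ("10.0.0.9", "/uploads/t.php", "k1=constructed-opaque-req-0002",
     "k2=constructed-opaque-resp-0002; path=/"),
    ("10.0.0.9", "/uploads/t.php", "k1=constructed-opaque-req-0003",
     "k2=constructed-opaque-resp-0003; path=/"),
]

def parse_pairs(header, first_only=False):
    """Return (name, value) pairs from a Cookie or Set-Cookie header value.

    For Set-Cookie pass first_only=True: only the first segment is the
    cookie itself, the rest are attributes such as path or expires.
    """
    parts = [p.strip() for p in header.split(";") if "=" in p]
    if first_only:
        parts = parts[:1]
    return [tuple(p.split("=", 1)) for p in parts]

def churning_cookies(records, min_distinct=3, min_len=16):
    """Flag cookies whose long value differs on nearly every exchange.

    Thresholds are illustrative assumptions; tune them to your baseline.
    """
    seen = defaultdict(set)
    for client, url, cookie, set_cookie in records:
        for name, value in parse_pairs(cookie):
            seen[(client, url, "request", name)].add(value)
        for name, value in parse_pairs(set_cookie, first_only=True):
            seen[(client, url, "response", name)].add(value)
    return sorted(
        key for key, values in seen.items()
        if len(values) >= min_distinct and min(map(len, values)) >= min_len
    )

if __name__ == "__main__":
    for alert in churning_cookies(SAMPLE):
        print("suspicious cookie churn:", alert)
```

Applications that legitimately rotate tokens on every response will also match, so treat a hit as a lead to correlate with file-integrity checks on the PHP file at that URL.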


Source
###############
https://github.com/anestisb/WeBaCoo/zipball/master
