Backdoor Management and Information
Set a port and an IP here, select the Open Backdoor checkbox, and click the Exec button: this will open a shell backdoor on this port. Then, with a simple
telnet [server ip] [port]
you will have a prompt to execute commands on the server.
There are some considerations to keep in mind about this function:
- Each web application user can open a single backdoor; as you can see, after you open it, the checkbox will change into Close Backdoor.
- If you choose an IP other than 0.0.0.0, the backdoor will be bound only to that IP; to use it you need to reach that specific IP, not another alias of the target!
- The backdoor will be opened with the same WSH "environment": so, if the Shell Path field was /usr/local/bin, the selected shell was ksh and 4 aliases were set, the backdoor will work with the /usr/local/bin/ksh shell, and you will be able to use all the aliases set. If you change those values later, this will not affect a previously opened backdoor: you have to close and reopen it to apply the changes.
- It suffers from the same problems as the webshell, mainly that it cannot capture the standard input.
- If you exit the telnet command (CTRL+] and then exit), the backdoor will still be alive. You can definitively kill the connection (close the port on the server) either by typing Bye. at the backdoor prompt, or by selecting the Close backdoor checkbox and clicking the Exec button. In both cases, the Java thread that runs the backdoor will be stopped. Note that if you issue a blocking command, like find /, you may need to close it quickly: this is why you have the Close backdoor checkbox in addition to the special Bye. command.
- If you close the backdoor, by any method, the port will remain open; however, the first character sent to that port will close it.
Perhaps this is a little "raw", but I do not think it could create any problem for your ethical activities, nor for your target's security.
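
From the defender's side, the backdoor described above is a listening TCP socket owned by the application server's Java process, on whatever port and address the operator chose. The following added example (not part of WSH or its documentation) parses `ss -ltnp` output and reports Java-owned listeners outside an allowlist; the sample output, the allowlisted ports and the function name are constructed assumptions.

```python
import re

# Constructed sample of `ss -ltnp` output (not captured from a real host).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      100    *:8080             *:*               users:(("java",pid=1543,fd=45))
LISTEN 0      50     10.0.0.5:4444      0.0.0.0:*         users:(("java",pid=1543,fd=112))
LISTEN 0      50     [::]:8009          [::]:*            users:(("java",pid=1543,fd=50))
"""

# Assumption: ports the application server is expected to listen on.
EXPECTED_JAVA_PORTS = {8080, 8009}

# Matches each ("name",pid=N,fd=M) entry in the Process column.
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def unexpected_java_listeners(ss_output, expected_ports=EXPECTED_JAVA_PORTS):
    """Return (address, port, pid) for Java-owned listeners not in the allowlist."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header line, or no process column (ss run unprivileged)
        # rpartition keeps IPv6 forms such as [::]:8009 intact
        address, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        process_column = " ".join(fields[5:])
        for name, pid in PROC_RE.findall(process_column):
            if name == "java" and port not in expected_ports:
                findings.append((address, port, int(pid)))
    return findings


if __name__ == "__main__":
    for address, port, pid in unexpected_java_listeners(SAMPLE_SS):
        print(f"unexpected java listener: {address}:{port} (pid {pid})")
```

A listener bound to a single address, as in the third sample row, only shows up when the check runs on the host itself or the scan targets that specific IP.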