One thing I hate the most is people finding our backdoor. So from Xanda's blog I found out there's a project called phpshelldetect to detect malicious PHP code.
So Xanda wrote a good tutorial on how to bypass it: web xanda
Since it's signature-based, as long as we can craft 101 types of signature-evasion techniques, it will be bypassed.
Signature-based detectors are bad and inefficient but fast enough to eliminate 99% of the netizen population.
So how hard is it to bypass the detector? Not that hard at all and no obfuscation required.
And it works like a charm...
3 comments:
An even simpler example... that passes the regex at https://github.com/emposha/PHP-Shell-Detector/commit/04e16b8541395e0d3e92fd99dee25b5d86e044f7
PHP 5 allows functions to be assigned to variables. "Obfuscation" can be used during the assigning phase and you are good to go with the new variable. A tokenizer is a good option to be used in a PHP detection tool, and one of the good tokenizers can be seen in the RIPS project http://sourceforge.net/projects/rips-scanner/
Haha.. the code above got filtered. Here's the code:
$abc = 'sys'.'tem';
echo $abc('dir');
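
The tokenizer approach suggested in the comments, sketched as an added example (not code from phpshelldetect, RIPS or the original post): it uses PHP's built-in token_get_all() to flag calls made through a variable and folds simple string concatenations to recover the real function name. The function name find_variable_calls and the RISKY list are assumptions made for illustration.

```php
<?php
// Added example: names in RISKY are an illustrative list, not a shipped signature set.
const RISKY = ['system', 'exec', 'shell_exec', 'passthru', 'popen', 'proc_open'];

function find_variable_calls(string $src): array {
    $toks = [];
    $line = 1;
    foreach (token_get_all($src) as $t) {
        if (!is_array($t)) { $toks[] = [null, $t, $line]; continue; }
        $line = $t[2];
        if (!in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $toks[] = $t;
        }
    }
    $values = [];    // variable name => string it was last assigned, when constant
    $findings = [];
    for ($i = 0, $n = count($toks); $i < $n; $i++) {
        if ($toks[$i][0] !== T_VARIABLE) continue;
        $name = $toks[$i][1];
        $next = $toks[$i + 1][1] ?? '';
        if ($next === '=') {
            // Fold 'a' . 'b' . ... up to ';'. Anything else makes the value unknown.
            $folded = '';
            for ($j = $i + 2; $j < $n && $toks[$j][1] !== ';'; $j++) {
                if ($toks[$j][0] === T_CONSTANT_ENCAPSED_STRING) {
                    // Strip quotes; stripcslashes approximates escape decoding.
                    $folded .= stripcslashes(substr($toks[$j][1], 1, -1));
                } elseif ($toks[$j][1] !== '.') {
                    $folded = null;
                    break;
                }
            }
            $values[$name] = $folded;
        } elseif ($next === '(') {
            $target = $values[$name] ?? null;
            $findings[] = [
                'line' => $toks[$i][2], 'var' => $name, 'target' => $target,
                'risky' => $target !== null && in_array(strtolower($target), RISKY, true),
            ];
        }
    }
    return $findings;
}

// Constructed sample: the two-line snippet from the comment above.
$sample = "<?php\n\$abc = 'sys'.'tem';\necho \$abc('dir');\n";
foreach (find_variable_calls($sample) as $f) {
    printf("line %d: %s(...) resolves to %s%s\n", $f['line'], $f['var'],
        $f['target'] ?? 'unknown', $f['risky'] ? ' [RISKY]' : '');
}
```

A call through a variable whose value cannot be folded is still reported with an unknown target, which is worth reviewing by hand since the name then comes from somewhere other than a constant string.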