This tool is dead. It was a cool way to play around with PHP and backdoors being generated 10 years ago now (which is crazy to me). But I've moved on to different interests. If you're looking at this code, please don't consider this as anything other than an old interest. Happy Hacking!
Copyright (C) 2012 Ian "z0r0" Abreu
Email: (z0r0@shurikenlabs.com) Twitter: @z0r0
Use this tool at your own Risk. I take no responsibility For it's use, or the actions of it's users. This is meant to be used as a TOOL for secure vulnerability research only!
./generate.py
What it will do: -Will generate two unique RSA Key pairs. -Will make every shell tied to it's unique backdoor -Will output CLI.py and shell.php Now: -Just upload shell.php to a webserver -Call up CLI.py --host=shurikenlabs.com --path=/shell.php Then: -Profit?
1.) Impliment PHP driven RSA encrypt, and Decrypt functions -(removing OpenSSL as a dependancy) - Probably best to use libsodium as a dependency here.
2.) Create self decrypting backdoor on runtime.
3.) Create a tool that logs fast_cgi's exec calls,so we'll actually be able to easily detect the use of web backdoors.
4.) RSA Stateful-shell? (think ssh over php)
5.) The ability to issue out new keys during operation.