Skip to content

Archive-Puma/SecurityNotFound

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

45 Commits
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 
ย 

Repository files navigation

SecurityNotFound

404 Page Not Found Webshell


Joke License


๐Ÿ“ผ Clone me!

Clone or download the project:

git clone --depth=1 https://github.com/CosasDePuma/SecurityNotFound.git

๐Ÿ“ฆ "Installation"

The src/404.php file should be located on the target server and it must have the ability to execute .php files.

Here is an example of some of the most common routes on which servers are located:

# ๐Ÿ Windows
C:\Xampp\htdocs\       # Xampp

# ๐Ÿง Linux
/var/www/html/         # Apache
/usr/share/nginx/html/ # Nginx

๐Ÿ‘ฎ Obviously, you and I know that you have legitimate access to that server.

๐Ÿšช Access Granted!

Now, you can access it through the browser:

https://www.example.com/404.php


๐Ÿ’ก You can replace the server 404 error template to access from any invalid URL.

To access the control panel, press TAB key or search the password field using your browser's tools:



The default password is: cosasdepuma.

๐Ÿฅš You can leave the $passphrase variable in the script as an empty string to directly access the control panel.

๐Ÿ”’ To set a custom value, insert your password into the $passphrase variable after applying the MD5 algorithm three consecutive times.

๐ŸŽฎ Control Panel

Once logged in, the webshell will show its real appearance:

The panel features an AJAX console and a number of preconfigured actions:

Name Description
PHP Info Shows phpinfo(); page.
Geolocate Shows in Google Maps the place where the server is physically located.
Exploit-DB (...) Searches for compatible exploits in exploit-db.com.
Log out Exits the dashboard.

It should be noted that the execution of commands is performed using the "Referrer" header, its content being the executed payload.

This has two advantages: greater stealth within the log file and the ability to execute commands without the need to access the web interface.

access.log example
172.18.0.1 - - [25/Jul/2022:04:52:17 +0000] "GET /404.php HTTP/1.1" 404 771 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:21 +0000] "POST /404.php HTTP/1.1" 404 3560 "http://localhost/404.php" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:27 +0000] "GET /404.php HTTP/1.1" 404 375 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:31 +0000] "GET /404.php HTTP/1.1" 404 470 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:37 +0000] "GET /404.php?p HTTP/1.1" 404 75790 "http://localhost/404.php" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:41 +0000] "GET /404.php HTTP/1.1" 404 3560 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:43 +0000] "GET /404.php?c HTTP/1.1" 302 373 "http://localhost/404.php" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"
172.18.0.1 - - [25/Jul/2022:04:52:43 +0000] "GET /404.php HTTP/1.1" 404 771 "http://localhost/404.php" "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0"

๐Ÿ“œ Log Footprints

# of lines in access.log Action
1 Access without logging in
1 Access with the session already started
1 Log in
2 Log out
1 Execute a command through the console
1 Plugin: PHP Info
0 Plugin: Geolocate
0 Plugin: Exploit-DB (...)

๐Ÿ™ Support the developer!

Everything I do and publish can be used for free whenever I receive my corresponding merit.

Anyway, if you want to help me in a more direct way, you can leave me a tip by clicking on this badge:


PayPal Donation


Releases

No releases published

Sponsor this project

 

Languages