Comments on: WeBaCoo (Web Backdoor Cookie) Script-Kit – The Birth http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#utm_source=rss&utm_medium=rss&utm_campaign=webacoo-web-backdoor-cookie-script-kit-the-birth Driven by Passion for Challenges Thu, 10 Apr 2014 08:41:30 +0000 hourly 1 http://wordpress.org/?v=3.9.2 By: anestisb http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#comment-302 Sun, 23 Sep 2012 08:31:45 +0000 http://bechtsoudis.com/?p=936#comment-302 Yeap a multi-staged (part of the exploit in the backdoor and the rest send from the client) exploit pack plugin would be cool. Although, as i mentioned in my previous comment i like to keep pentest stages clear and seperate.

Webacoo was designed as a post-exploitation tool in order to maintain access, support host pivoting and facilitate a privilege escalation attack. Consequently, i won’t risk the stealth/steady behavior by adding some heavy exploit packs. It’s on the pentester’s hand to find an appropriate vector for the rest of the process. Some new features that i’m currently working are some port forward,proxy, pivot features.

Of course users are free to add such features/plugins in their forked versions and would be glad to review merge requests.

Appreciate your comments.
-A

]]>
By: vuln http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#comment-298 Sun, 23 Sep 2012 02:15:05 +0000 http://bechtsoudis.com/?p=936#comment-298 seriously this is badass i will be reviewing this code and seeing what i can ad have u thought of adding a function that has built in exploits? base 64 encoded than decoded have the backdoor hold the exploits that way the http traffic is small and just send a command to run exploit?

]]>
By: Vignesh http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#comment-176 Mon, 27 Feb 2012 23:18:33 +0000 http://bechtsoudis.com/?p=936#comment-176 Great stuff. I appreciate your new findings and stealth of webshells. Please do more updates like this!

]]>
By: anestisb http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#comment-151 Fri, 09 Dec 2011 16:41:44 +0000 http://bechtsoudis.com/?p=936#comment-151 Appreciate the good words meebo. You are right, clear documentation is an issue nowadays. Finally found some time to complete the wiki writeup.
Waiting to hear your feedback after testing the tool.

ps More features coming soon (hopefully)!

]]>
By: meebo http://bechtsoudis.com/2011/11/29/webacoo-web-backdoor-cookie-script-kit-the-birth/#comment-147 Sat, 03 Dec 2011 23:26:19 +0000 http://bechtsoudis.com/?p=936#comment-147 Good stuff – I’ll be testing this out for sure within the next few days. Didn’t much care for weevely but it was the best documented semi-decent PHP backdoor, so I used it anyhow. Hopefully now I’ll have an alternative…better alternative.

]]>