Remote Administration Tool

Backdoor, tool that allows you to remotely access and control a computer/device

Weevely PHP Backdoor

Weevely is a stealth PHP web shell that simulates an SSH-like connection. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legitimate web accounts, even free hosted ones.

Official website:
http://epinna.github.com/Weevely/

Getting started with a quick Tutorial:
https://github.com/epinna/Weevely/wiki/Tutorial

Or see the list of available modules and backdoor generators:
https://github.com/epinna/Weevely/wiki/Modules-list
https://github.com/epinna/Weevely/wiki/Generators-list

Main features:
* More than 30 modules to automate administration and post exploitation tasks:
    o Execute commands and browse the remote filesystem, even with PHP security restrictions
    o Audit common server misconfigurations
    o Run SQL console pivoting on target machine
    o Proxy your HTTP traffic through target
    o Mount target filesystem to local mount point
    o File transfer from and to target
    o Spawn reverse and direct TCP shells
    o Bruteforce SQL accounts through target system users
    o Run port scans from target machine
    o And so on.

* Backdoor communications are hidden in HTTP Cookies
* Communications are obfuscated to bypass NIDS signature detection
* Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

The Weevely author keeps Dissecting, a security-related blog:
http://disse.cting.org/

Surf Jack

Session Hijacking tool

A tool which allows one to hijack HTTP connections to steal cookies, even ones on HTTPS sites! Works on both Wi-Fi (monitor mode) and Ethernet.

xCAT

xCAT is DataCenter Control. It allows you to:

* Provision Operating Systems on physical or virtual machines: SLES10 SP2 & higher, SLES 11 (incl. SP1), RHEL5.x, RHEL 6, CentOS4.x, CentOS5.x, SL 5.5, Fedora 8-14, AIX 6.1, 7.1 (all available Technology Levels), Windows 2008, Windows 7, VMWare, KVM, PowerVM, zVM.
* Scripted install, Stateless, Statelite, iSCSI, or Cloning
* Remotely Manage Systems: Integrated Lights-out management, remote console, and distributed shell support
* Quickly set up and control Management node services: DNS, HTTP, DHCP, TFTP

xCAT offers complete and ideal management for HPC clusters, RenderFarms, Grids, WebFarms, Online Gaming Infrastructure, Clouds, Datacenters, and whatever tomorrow's buzzwords may be. It is agile, extendable, and based on years of system administration best practices and experience.

SQL Server Backdoor Client

It was a long time ago, but after the presentation of Cesar Cerrudo and Esteban Martinez, we spent some time playing with the materials provided. One of the most interesting was the SQL Server Backdoor. It provides basic backdoor functionality through opening a connection against a specified server and port and waiting for any order to execute in the trojanized database.

However, there is no client provided for this, so we spent some more time coding a little client that waits for incoming connections from the backdoor and allows interaction with the database, showing the results. It is available here, and you can find the backdoor in the additional materials from the Black Hat presentation here: https://www.blackhat.com/presentations/bh-europe-07/Cerrudo/bh-eu-07-Cer...

SoCat

A utility similar to the venerable Netcat that works over a number of protocols and through files, pipes, devices (terminal or modem, etc.), sockets (Unix, IP4, IP6 - raw, UDP, TCP), a client for SOCKS4, proxy CONNECT, or SSL, etc. It provides forking, logging, and dumping, different modes for interprocess communication, and many more options. It can be used, for example, as a TCP relay (one-shot or daemon), as a daemon-based socksifier, as a shell interface to Unix sockets, as an IP6 relay, for redirecting TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts with network connections.

inSSIDer

inSSIDer is a Windows-only wireless network scanner. It was designed to overcome limitations of NetStumbler, namely not working well on 64-bit Windows and Windows Vista. inSSIDer can find open wireless access points, track signal strength over time, and save logs with GPS records.

Solar Winds

Solar Winds is a suite of network tools that makes the administrator's job easier. They have been around for a long time and their tools can be easily used for hacking.

Sysinternals Suite

The Sysinternals Troubleshooting Utilities have been rolled up into a single Suite of tools. This file contains the individual troubleshooting tools and help files. It does not contain non-troubleshooting tools like the BSOD Screen Saver or NotMyFault.

FU Rootkit

The FU rootkit is another tool used to hide running processes and many other things on the target system after exploitation.

*PASSWORD* test123

Hacker Defender

Hacker defender is a rootkit used to hide processes running on a target machine after exploitation.
