Upload and use C99.php Backdoor shell

Upload and use C99.php Backdoor shell

1. Introduction

Local attack is a very common method used to attack a certain website on the same server. The tool of this attack is to use the exploit code written in several programming languages ​​such as PHP, ASP.Net, Python … The code is called Shell. When a server on the server is uploaded to this shell file, the attacker can use the exploit commands to penetrate the hosting accounts with the server to read sensitive information such as: Email, Database information (username , password ..) easily. From there the attacker can do whatever they want.

2. Preparation

– Download shell C99.php – Computer running windows operating system. Require to disable the firewall on the system. – The source code management mysql – phpmyadmin https://www.phpmyadmin.net/downloads/ – XAMPP download by following link: https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true – DVWA download the following link: http://www.dvwa.co.uk/ – The browser software chrome, firefox 10.0, 7zip, Notepadd ++.

3. Implementation steps

– Start up Firefox> Place in the address bar. Replace with the IP address of the DVWA Login: admin Password: password Click on Login

  • Click on DVWA Security, in the left hand menu.
Select “low” . Click Submit
– We can copy this shell c99.php directly into the code: hackable / uploads / shell.php
    – Open firefox and visit the following link:
    http: //localhost/DVWA/hackable/uploads/c99.php



  • Server security information
Click on the Sec. link
Select “find config.inc.php files”
Sometimes ignorant application admins place database config files in a public location. Click on the Execute button


  • Server security information
Highlight /var/www/html/dvwa/config/config.inc.php
Select Edit –> Copy


  • PHP-code
Click on the PHP-code link
In the Execution PHP-code box place the below command:
system(“cat /var/www/html/dvwa/config/config.inc.php”);
Click on the Execution Button


  • Extract Database Password

Giới thiệu về tác giả