Showing posts with label Shell. Show all posts

Tuesday, April 23, 2013

[Hidden CMD Detector] Discover Hidden Command prompts



Hidden CMD Detector is a free tool to discover hidden Command Prompts and detect any hacker presence on your system.

The first thing any hacker does on getting access to a remote system is to run a hidden command shell. This tool can help you automatically detect any such hidden cmd prompts and keep your system safe from hackers.

It can help you discover the following types of command prompts:
  • Normal/Hidden Command Prompts
  • Renamed or custom Command Prompts
  • Reverse Command Shells launched by hacker tools like netcat
  • Command Prompts launched by User/System Process

This tool can easily be automated to run at a certain interval. It supports 3 output modes (normal, one liner, xml), making it easy to parse the results in automation scripts.
It is an ideal tool to run periodically on unattended machines to detect any hacker activity and alert the administrators.

Wednesday, April 10, 2013

[ShellSave v1.0] Keep all your shells organized and in one place


The idea of creating ShellSave came from our own need to keep our list of web backdoors in an orderly way and to avoid noting them down in text files, which is not very convenient when it comes to searching.

ShellSave takes care of organizing them neatly, working hand in hand with a database and obtaining data from the URL it is given, such as the IP, the host name and its geolocation.


Another of its features is that it embeds the selected webshell through an iframe; this could be taken advantage of by hosting the script on a web server and then using it as a proxy when making the request to our backdoor.


As you can see, it is a very simple tool that is nevertheless very useful after the post-exploitation of one or several targets.

The installation process is simple:
  • Create a database and import the sql file found in the bd directory
  • Edit the config.php file with the corresponding details
  • Log in to ShellSave with the default password “test”
  • Add our webshells.


Official website: http://underterminal.nixiweb.com

Thursday, April 4, 2013

[Hackersh] Free shell (command interpreter) written in Python

Hackersh ("Hacker Shell") is a free and open source (license) shell (command interpreter) written in Python with Pythonect-like syntax, built-in security commands, and out-of-the-box wrappers for various security tools. It is like a Unix pipeline, but for processing security information and metadata rather than bytes.


Download Hackersh version 0.1
Web: http://www.hackersh.org/

Tuesday, March 5, 2013

[Weevely] PHP Stealth Tiny Web Shell


Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post-exploitation, and can be used as a stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented toward penetration testing.

  • More than 30 modules to automate administration and post-exploitation tasks:
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on.
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Polymorphic backdoor PHP code is obfuscated to avoid HIDS AV detection
You can download Weevely v1.0 here:

