ADSENSE HERE!Well,this article should be read by N00BZ only!
Here are some steps you could follow in order to find hacked servers with phpshell backdoors hosted in it , and to upload Rapidleech script on the hacked servers by yourself.
There are many kinds of phpshells out there , and what we are gonna do is to find them using some Google Dorks . Based on my own experiences, the most powerful google dork syntax to find those phpshells is by using “allintext” syntax , which will simply grab any sites with your desired text on its content. If you’ve been familiar enough with phpshells , you must have known what ’s the main characteristic on phpshells themselves , you should know what kind of texts should be appeared on phpshells . Just let’s go straight to the dork :
*To get more complete services of Rapidleech and Rapidshare Premium Account , you can go here : WWW.XDFG.NET for a full version of the rapidleech list !*
allintext:”Safe-mode: OFF (not secure)”
The google dork above will find any type of phpshells , c99 , r57 , or even c100 ? you’ll simply get ‘em all And of course, it’s not the only way to get phpshells by google dorking , there are still many working google dorks to find those shits , just be creative , okay ?
2.Upload the script!
Just go get yourself rapidleech script , which can be downloaded on www.rapidleech.com. You’ll get it downloaded as *.zip or *.rar files. Since most of phpshells hosted in hacked *nix servers , it means you can’t extract *.zip/*rar there. The recognized compressed archive filetype in *nix should be *.tar , *.tar.gz or *.tar.bz2. So , all you have to do is extract the *.zip/*.rar files , and then convert it back to *.tar files .If you don’t know how to do it , just go get yourself a guide to Linux command lines ..LOL
After you get yourself the rapidleech.tar file , now you should explore the phpshells you just already got. In order to get your script uploaded , you must find any directory with 777 permissions on it (as long as it’s still under webserver’s directory) , which means it enables you to read,write, and execute scripts on it. You can find them by using the linux command :
find / -type d -perm 777
Then you’ll get the list of any writable directories! And then change your current working directory to the directory with 777 permission on it(eg. /var/wwwroot/hacked.com/hacked_dir/). And then upload your rapidleech.tar ! and get it extracted !
Now you could access your rapidleech on www.hacked.com/hacked_dir/ . It’s just that simple.