Use eval() instead of exec/system

[infodox]

Hey, just an idea for the PHP backdoor (I will be forking this and playing with it!), but using eval() or base64_eval and "testing" the system execution functions against the remote host, using the first one that works, might be a good idea.
Also perhaps support for sending commands/payload via other HTTP headers, such as Cookie and User-Agent might be a cool addition :)

Will be forking and playing with it myself, but I think using eval and "testing" the various system command functions is better than relying on just one, as it means you can try avoid being nailed by disabled functions in php.ini :)

Love this though, it will be forked :D

[lnxg33k]

This is a cool feature and I've checked the files you already sent, but it will take me some time to implement 'm into webhandler.
I'll start working on it after the exams.

[matiaskatz]

You can also use passthrough(). Besides sending commands via other HTTP headers, you can also encode it to bypass URL filtering

[lnxg33k]

Writing a function to check for available system functions then using the 1st one is in our to-do list.
Also planning to do some code obfuscation and sending encrypted data instead of plain one.
Thanks @matiaskatz for suggestions and hope you'll find all of them implemented soon.

[adderall]

Hey guys, you can also attempt passing payloads through a JPEG Image via its EXIF headers ... base64 or otherwise encoding the payload string. I surprisingly have not seen anybody doing that yet in PHP. Read it back out on the remote host and execute your code via whatever results in a successful delivery of your command cycle result keys.