Friday, 19 December 2014

Online Shell Services Backdoor Analyses | 2014


Service : http://sh3ll.org/
analysis : http://www.sh3ll.org/r57.txt



When we decode the base64, we see a handsome piece of JS obfuscation, shown below.
To make decoding it more laborious, it has been made to run split into parts.

Save the JS code to your computer as "JS.html",
and when you check the inputs and outputs with Tamper Data,
it is plain as day.
http://sh3ll.org/ - Backdoored

---------------------------------------------------

Service : http://wwww.r57.gen.tr
analysis : http://r57.gen.tr/shell/r57.rar



http://r57.gen.tr - Backdoored

---------------------------------------------------

Service : Http://www.r57shell.net
analysis : http://www.r57shell.net/shell/r57.txt



http://www.r57shell.net - Backdoored

---------------------------------------------------

Common Services : www.dcvi.net & www.metalteam.org & www.r57shell.info
analysis : http://www.dcvi.net/r57.txt


www.dcvi.net & www.r57shell.info & www.metalteam.org Backdoored

---------------------------------------------------

Service : http://www.c99txt.net/
analysis : http://www.c99txt.net/s/r57.txt




www.c99txt.net Backdoored

---------------------------------------------------

Service : www.r57.biz
analysis : http://r57.biz/txt/r57.txt



www.r57.biz Backdoored

---------------------------------------------------

Service : www.c99.gen.tr  (common r57.biz)
analysis : http://www.c99.gen.tr/c99.rar


www.c99.gen.tr Backdoored

---------------------------------------------------

Common Services : www.c99php.com & r57txt.blogspot.com.tr & securitybash.blogspot.com.tr & c99-shell.blogspot.com.tr & c99rar.blogspot.com.tr & r57rar.blogspot.com.tr/

analysis : http://www.c99php.com/shell/symlink.txt




www.c99php.com
r57txt.blogspot.com.tr
securitybash.blogspot.com.tr
c99-shell.blogspot.com.tr
c99rar.blogspot.com.tr
r57rar.blogspot.com.tr   Backdoored

---------------------------------------------------

Service : www.r57-shell.com
analysis : http://r57-shell.com/shell/CWShellDumper.txt


www.r57-shell.com Backdoored

---------------------------------------------------

Service : www.r57shellc99.com
analysis : http://www.r57shellc99.com/shell/c99.txt


www.r57shellc99.com Backdoored

---------------------------------------------------

Service : www.c99-shell.com
analysis : http://c99-shell.com/shell/privc99.txt


www.c99-shell.com Backdoored

---------------------------------------------------

Service : www.w0rms.com
analysis : http://www.w0rms.com/shell/iranshell.txt


http://www.w0rms.com Backdoored

---------------------------------------------------

Service : http://podathon.org  &   http://shelldown.wordpress.com
analysis : http://podathon.org/shell/c99.txt


http://podathon.org  &  http://shelldown.wordpress.com Backdoored

---------------------------------------------------

Service : www.oco.cc
analysis : www.oco.cc/shell/c99.txt.zip

Decrypted:


www.oco.cc Backdoored

---------------------------------------------------

Service : www.r57c99shell.com
analysis : http://r57c99shell.com/txt/cmd.txt


www.r57c99shell.com Backdoored


---------------------------------------------------

Service : http://c99.me
analysis : http://c99.me/download/r57.php.zip


http://c99.me Backdoored

---------------------------------------------------

Service : www.r57.info
analysis : http://www.r57.info/shell/symlink.txt



www.r57.info Backdoored
---------------------------------------------------

Service : www.c99shelll.com
analysis : http://www.c99shelll.com/shell/symlink.txt


www.c99shelll.com Backdoored

/H4 SEC
