Best Blackhat Forum

Full Version: Backdoor in Backupbuddy 601
I found a backdoor script in BackupBuddy 601 from wplocker. It adds the following code, which you will only find when you use importbuddy. You can find the malware code at the end of the file importbuddy/pluginbuddy/_pluginbuddy.php, starting at line 1720.

If anyone used this version of importbuddy to restore/migrate a site, check your db for strange users.

Never trust VirusTotal when using PHP scripts; it is impossible to keep track of so much PHP malware. Your best bet is to unzip the script, load the Sublime Text editor and do a file search for red flag words. Some of the ones I use:

eval
exec
enqueue_script
system
base64
_decode
jquery
nilog
jqeury

and several others...
If anyone needs a clean importbuddy.php, you can get it from the link below.

get clean file here
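
The keyword search described in the posts above, as an added example that is not part of the original thread: a small Python scanner that walks an unzipped plugin directory and reports every red-flag word with its file and line number. The word list is the poster's; the function names and the two-file sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Red-flag words exactly as listed in the post ("jqeury" and "nilog" included).
RED_FLAGS = ["eval", "exec", "enqueue_script", "system", "base64",
             "_decode", "jquery", "nilog", "jqeury"]
# Plain substring match, like an editor's "find in files"; expect false positives.
PATTERN = re.compile("|".join(map(re.escape, RED_FLAGS)), re.IGNORECASE)

def scan_text(text):
    """Return (line_number, word, line) for every red-flag hit in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for match in PATTERN.finditer(line):
            hits.append((number, match.group(0).lower(), line.strip()[:120]))
    return hits

def scan_tree(root, extensions=(".php", ".inc", ".js")):
    """Walk an unzipped plugin directory; return {relative_path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in extensions:
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Scan a constructed two-file tree (not the real plugin) and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "lib").mkdir()
        (root / "lib" / "clean.php").write_text(
            "<?php\nfunction pb_ok() { return true; }\n")
        (root / "lib" / "tail.php").write_text(
            "<?php\nfunction pb_load() { return 1; }\n"
            "$p = base64_decode($blob); eval($p);\n")
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        for number, word, line in hits:
            print(f"{name}:{number}: [{word}] {line}")
```

Hits are leads for manual review, not verdicts: words such as jquery and system also occur in legitimate plugin code, so each reported line still has to be read in context.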
thanks for the info
Link broke... :(
Sorry, new link for clean file importbuddy.php. To see the password to import a backup, open the PHP file; it is in a comment by the base64-coded password.
Thanks Xantor for your info, but why do you have "0" rep after you joined Mar 2014? *just asking :)
@Xantor, I gave 1 rep for your effort.
+5 thank you for helping all
Sheeeeeeeeeeeeeet!!

+5 thank you all for helping, I was about to install on my site?!!!!

Have a good one
Nice effort! Reps+