Using C99Shell to test server for vulnerabilities
Posted on 2013-01-17
I'm setting up a new webserver for a client of mine.
In the past, we have had a production server be compromised using a tool called "c99shell". It was a PHP file which provided a number of useful features to an attacker like the ability to browse the local filesystem, download arbitrary files, and attempt to execute code or run arbitrary commands on the server by taking advantage of various vulnerabilities in PHP and Apache.
They used the tool to upload phishing websites to the various customers who had chmod 777'd on directories in their webspace. Effectively, this let them "infect" those customer's domains.
TBH, thoguh, it was a pretty useful looking tool... something I wouldn't have minded having on my own webserver (locked down of course so only I could access it). In the hands of a sysadmin it could be a very helpful utility to have around.
I'd like to test that our new webserver is safe from these kinds of attacks, and I'm tempted to just upload c99shell to the server and play with it - pretend like I'm the attacker. I don't really want to re-invent the wheel and try to do penetration tests by manually writing out PHP code.
So my question is - is anybody familiar with c99shell? Is it safe to use for this purpose or does it have any other malware or malicious payloads inside that maybe I should just stay away from? Like, for example, reporting the "compromised" server to a third party hacking group and drawing bad attention to my server unnecessarily.
Alternatively, are there any other "webserver security" tools I can use to do some security tests against my server with?