SHARE

Clone or download the project:

git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound
cd SecurityNotFound

Installation

  • The src/404.php file should be located on the target server.
  • That server must have the ability to execute .php files.
  • Here is an example of some of the most common routes on which servers are located:

# ūüŹĀ Windows (Xampp)
C:\Xampp\htdocs\

# ūüźß Linux
/var/www/html/

Note: Obviously, you and I know that you have legitimate access to that server.

Also Read – Router Exploit Shovel : Automated Application Generation for Stack Overflow Types on Wireless Routers

Access Granted

Now, you can access it through the browser by clicking here.

Note: You can replace the server 404 error template to access from any invalid URL.

To access the control panel, press¬†TAB¬†key or search the password field using your browser’s tools.

The default password is: cosasdepuma.

 You can leave the $passphrase variable in the script as an empty string to directly access the control panel. If it is your intention, you have lost my respect.

 To set a custom value, insert your password into the $passphrase variable after applying the MD5 algorithm three consecutive times.

Control Panel

Banner

FunctionShown in the picture
Current userroot
KernelLinux
Release4.9.0-7-AMD64
Exit Button‚õĒ

You can also log out using the exit parameter in a GET request.

Buttons and their Functions:

  • PHPINFO : Shows phpinfo(); page.
  • EXPLOIT-DB : Searches for kernel-compatible exploits in exploit-db.com.
  • GEOLOCATE : It shows approximately in Google Maps the place where the server is physically located.
  • SELF-REMOVE : The shell deletes itself from the server.

Log Footprints

No of lines in access.logAction
1Access without logging in
1Access with the session already started
2Log in
2Log out
2Execute a command through the console
1Button: PHPINFO
0Button: EXPLOIT-DB
0Button: GEOLOCATE
2Button: SELF-REMOVE
1Problem: favicon.ico