Search This Blog

WeBaCoo(Web Backdoor Cookie) script kit v0.2.1released

The WeBaCoo (Web Backdoor Cookie) script-kit is a tiny stealth PHP backdoor that is capable to provide a “pseudo”-terminal connection on a remote web server injected with a chunk of malicious PHP code. It does so by sending the server’s command output using the HTTP response headers. It sends shell commands hidden in Cookie headers obfuscated with base64 encoding and the output is transmitted back to client hidden (base64 encoded too) in Cookie headers after execution.”


+ MySQL CLI support
+ Support for extension modules

Since 0.2.1 version an extension module support has been added in order
to provide extra functionalities to WeBaCoo. Within terminal mode you
can execute 'load' to list the available modules and initialize the desired
one from the list. By typing 'unload' you can restore back to the initial
terminal mode.

Share it:

PenTesting Tools

Software Release