https://github.com/ngang18/cybersercurity-maintainaccess
Creating and hiding a new Administrator access - Maintain Access - Ethical Hacking
cybersecurity php wordpress wordpress-theme
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/ngang18/cybersercurity-maintainaccess
- Owner: ngang18
- Created: 2025-06-14T11:36:39.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-14T12:04:54.000Z (about 1 year ago)
- Last Synced: 2025-06-24T20:15:11.247Z (about 1 year ago)
- Topics: cybersecurity, php, wordpress, wordpress-theme
- Language: PHP
- Homepage:
- Size: 7.81 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Cybersecurity-MaintainAccess
This repository demonstrates the **Maintaining Access** phase of the Ethical Hacking process, specifically targeting WordPress-based e-commerce systems. This project was created as part of a university research paper on cybersecurity, with the goal of educating students and developers about the risks and behaviors of unauthorized persistent access through backdoor techniques.
> ⚠️ **Disclaimer:** This repository is for **educational and ethical research purposes only**. Do not use this code on any system you do not own or have explicit permission to test.
---
## 📂 Project Structure
This repository contains 3 PHP files, each representing a specific component of the backdoor process used to **maintain unauthorized access** in a compromised WordPress site.
### 1. `adduser.php` – Create Hidden Admin User
This script simulates a **backdoor injection** into the `functions.php` file of a WordPress theme. When accessed via a URL parameter `?backdoor=go`, it silently creates a new admin account.
**Key functionalities:**
- Checks if the username `new_admin` exists.
- Creates the user with password `new_pass`.
- Assigns the role `administrator`.
📎 **Used for:** Gaining persistent admin access without visible login credentials.
---
### 2. `hiddenuser.php` – Hide Admin from User List
This script hides the `new_admin` account from the WordPress user listing in the admin dashboard by altering the user query.
**Key functionalities:**
- Hooks into the `pre_user_query` action.
- Excludes `new_admin` from the SQL query that fetches users.
📎 **Used for:** Evading detection in the dashboard user list.
---
### 3. `notcountuser.php` – Exclude Hidden User from Count
This script modifies the WordPress admin interface to **not include the hidden user in total or admin user counts**.
**Key functionalities:**
- Hooks into the `views_users` filter.
- Adjusts the displayed count of total users and administrators.
📎 **Used for:** Creating the illusion that the user does not exist at all.
---
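A defender-side check for the three behaviours described above, added here as an example and not part of the repository: it scans theme PHP source for request-triggered account creation and for the `pre_user_query` and `views_users` hooks. The indicator names, the `wp_create_user`/`wp_insert_user` patterns, the scoring rule and both sample fragments are assumptions constructed for illustration.

```python
import re

# Indicators derived from the README's description of the three scripts (assumed patterns).
INDICATORS = {
    "request_trigger": re.compile(r"\$_(?:GET|POST|REQUEST)\s*\["),
    "user_creation": re.compile(r"\bwp_(?:create|insert)_user\s*\("),
    "admin_role": re.compile(r"""['"]administrator['"]"""),
    "user_query_hook": re.compile(r"""add_(?:action|filter)\s*\(\s*['"]pre_user_query['"]"""),
    "user_views_hook": re.compile(r"""add_(?:action|filter)\s*\(\s*['"]views_users['"]"""),
}
CREATE_CHAIN = {"request_trigger", "user_creation", "admin_role"}
HIDE_CHAIN = {"user_query_hook", "user_views_hook"}

def scan(source):
    """Return (line_number, indicator) pairs found in PHP source text."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment-only lines
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.append((number, name))
    return hits

def verdict(hits):
    """'high' when a full chain is present, 'review' for partial matches."""
    seen = {name for _, name in hits}
    if CREATE_CHAIN <= seen or HIDE_CHAIN <= seen:
        return "high"
    return "review" if seen else "clean"

# Constructed fragments with bodies elided; not code from the repository.
SUSPECT = """<?php
if (isset($_GET['backdoor'])) { /* body elided */ }
wp_create_user(/* elided */);
$user->set_role('administrator');
add_action('pre_user_query', 'theme_filter_users');
add_filter('views_users', 'theme_fix_counts');
"""
PARTIAL = """<?php
// add_action('pre_user_query', 'old_hook');
add_filter('views_users', 'add_role_tab');
"""

if __name__ == "__main__":
    for label, text in (("suspect", SUSPECT), ("partial", PARTIAL)):
        print(label, verdict(scan(text)), scan(text))
```

A single hook match only rates `review`, because legitimate plugins also use these hooks. Since the dashboard list and counts are what the hiding scripts alter, confirm the administrator accounts against the users table directly instead of the admin screen.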