AntSword Backdoor Detection Vulnerability Scanner
Detects 'Backdoor' vulnerability in AntSword.
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 1 day
Scan only one: URL
Toolbox: -
AntSword is a popular webshell management tool used by security professionals and attackers alike to control compromised web servers remotely. It offers a user-friendly interface to manage files, execute commands, and conduct database operations on a compromised server. The tool is typically used for penetration testing and security assessments. However, malicious actors can also use it to maintain access to compromised systems by installing a backdoor shell. The scanner aims to detect such unauthorized backdoor installations, helping secure the web servers.
The AntSword Backdoor Detection Scanner identifies critical security vulnerabilities where an AntSword application backdoor shell is installed on the target system. This backdoor allows attackers to maintain persistent, unauthorized access to the system, execute arbitrary commands, and potentially take full control. The presence of a backdoor shell indicates a severe compromise of the system’s security, highlighting the need for immediate remediation.
This vulnerability involves the placement of a specific PHP file (.antproxy.php) on the target server, which acts as a backdoor accessible to attackers. By sending a POST request with a specially crafted body to this file, the attacker can execute arbitrary PHP code on the server. The scanner checks for the presence of this backdoor by sending a test payload: if the backdoor file is present and executes the provided PHP code, the response contains a known MD5 hash. A successful match of the MD5 hash in the response indicates the presence of the backdoor.
The exploitation of this backdoor can lead to complete server compromise, unauthorized access to sensitive data, and further lateral movement within the network. Attackers can leverage the backdoor to deploy additional malware, exfiltrate data, or use the compromised server as a launchpad for attacks against other targets. The critical nature of this vulnerability underscores the necessity for prompt detection and remediation.
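A defender-side check for the indicators described above (the file name .antproxy.php and POST requests to it), as an added example that is not S4E's scanner code: it sweeps a web root for the file and flags matching requests in an access log. The log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import Path
from urllib.parse import unquote

BACKDOOR_NAME = ".antproxy.php"  # file name given in the description above

# Common/combined access-log format (assumed): ip - user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:03:44 +0000] "POST /uploads/.antproxy.php HTTP/1.1" 200 48 "-" "-"
198.51.100.23 - - [12/Mar/2024:10:03:45 +0000] "POST /uploads/%2Eantproxy.php?x=1 HTTP/1.1" 200 48 "-" "-"
192.0.2.50 - - [12/Mar/2024:10:09:10 +0000] "POST /.antproxy.php HTTP/1.1" 404 196 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:12:00 +0000] "GET /docs/antproxy.php.txt HTTP/1.1" 200 300 "-" "-"
"""

def find_backdoor_files(webroot):
    """Return every regular file under webroot named exactly .antproxy.php."""
    return sorted(p for p in Path(webroot).rglob(BACKDOOR_NAME) if p.is_file())

def find_backdoor_requests(lines):
    """Map client IP -> [(time, method, decoded_path, status)] for requests to the file."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        # Drop the query string and decode %xx so /%2Eantproxy.php is not missed.
        path = unquote(m["path"].split("?", 1)[0])
        if path.rsplit("/", 1)[-1].lower() == BACKDOOR_NAME:
            hits[m["ip"]].append((m["time"], m["method"], path, int(m["status"])))
    return dict(hits)

def answered_posts(hits):
    """IPs whose POST got a 2xx: the path exists and responded, so treat as an incident."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(meth == "POST" and 200 <= st < 300 for _, meth, _, st in reqs))

if __name__ == "__main__":
    hits = find_backdoor_requests(SAMPLE_LOG.splitlines())
    print(hits, answered_posts(hits))
```

A 404 on the path, as in the fourth sample line, shows probing for the file rather than a working backdoor; a file returned by find_backdoor_files should be preserved for forensics before removal.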
S4E provides an essential service for detecting vulnerabilities like the AntSword backdoor through its comprehensive scanning capabilities. By becoming a member, you gain access to a wide range of tools designed to identify and address security weaknesses in your digital infrastructure. Our platform helps ensure your systems are safeguarded against emerging threats, offering peace of mind through enhanced cyber resilience.