Here are some steps you could follow in order to find hacked servers with phpshell backdoors hosted in it , and to upload Rapidleech script on the hacked servers by yourself.

1.finding phpshell backdoors

There are many kinds of phpshells out there , and what we are gonna do is to find them using some Google Dorks . Based on my own experiences, the most powerful google dork syntax to find those phpshells is by using “allintext” syntax , which will simply grab any sites with your desired text on its content. If you’ve been familiar enough with phpshells , you must have known what ’s the main characteristic on phpshells themselves , you should know what kind of texts should be appeared on phpshells . Just let’s go straight to the dork :

*To get more complete services of Rapidleech and Rapidshare Premium Account , you can go here : WWW.XDFG.NET for a full version of the rapidleech list !*

allintext:”Safe-mode: OFF (not secure)”

The google dork above will find any type of phpshells , c99 , r57 , or even c100 ? you’ll simply get ‘em all And of course, it’s not the only way to get phpshells by google dorking , there are still many working google dorks to find those shits , just be creative , okay ?

2.Upload the script!

Just go get yourself rapidleech script , which can be downloaded on www.rapidleech.com. You’ll get it downloaded as *.zip or *.rar files. Since most of phpshells hosted in hacked *nix servers , it means you can’t extract *.zip/*rar there. The recognized compressed archive filetype in *nix should be *.tar , *.tar.gz or *.tar.bz2. So , all you have to do is extract the *.zip/*.rar files , and then convert it back to *.tar files .If you don’t know how to do it , just go get yourself a guide to Linux command lines ..LOL

After you get yourself the rapidleech.tar file , now you should explore the phpshells you just already got. In order to get your script uploaded , you must find any directory with 777 permissions on it (as long as it’s still under webserver’s directory) , which means it enables you to read,write, and execute scripts on it. You can find them by using the linux command :

find / -type d -perm 777

Then you’ll get the list of any writable directories! And then change your current working directory to the directory with 777 permission on it(eg. /var/wwwroot/hacked.com/hacked_dir/). And then upload your rapidleech.tar ! and get it extracted !

Now you could access your rapidleech on www.hacked.com/hacked_dir/ . It’s just that simple.

All the things you need to solve this problem is , RapidLeech. Here are some example cases that ever happened to me :

1. I found Southpark (the movie) ’s rapidshare download links , which are separated by 7 parts of rar files.
2. I knew it’s impossible to do direct download to those 7 files in the same time.
3. Then i realized that all i have to do is to find 7 different servers(different ip addresses) that host RapidLeech script inside each of them. Those 7 RapidLeechers will be used to fetch the rapidhare files , before i download them to my real local box.
4. Schema : RAPIDSHARE LINKS <-> RAPIDLEECHERS <-> LOCAL MACHINE.

But , how the hell i could find those 7 rapidleechers in a fast way ? the answer is “Google Dork” man! This is a dork to find RapidLeech on google :

allintext: “Credits to Pramode & Checkmate”

examples results :

http://www.coiphimle.com/mrdie/zoom/index.php?act=files http://www.persianbyte.com/navidi/newdl/index.php

http://www.b0red.com/rapid/index.php?act=files

http://cfo.com.vn/RapidLeech/index.php

http://rs.allayth.com/rsdown/

http://f4vn.net/Forum/rapid/index.php

http://www.mastimag.com/files3/index.php

http://1dayofkami.org/canhac/rapid/

http://www.freebsd.sd/rapidleech/

http://samhee.com.vn/rap/index.php?act=files

http://samhee.com.vn/rap/

http://bemakhoe.com/rapid/index.php?act=files

http://www.dl4002.co.uk/test/

http://karname.4000webs.com/

http://rapiddown.org/

http://miaza20.com/

http://miaza20.com/index.php?act=files

http://www.thientan.net/minhkhue/index.php

http://alwa7dah.com/rapidleech/index.php

http://www.kafrawyhost.com/rl/index.php

http://f4vn.net/Forum/rapid/index.php

http://www.def.net.au/rsl/

http://rs.allayth.com/rsdown/

http://www.it-syria.com/rapid/

http://oxamj.com/rapidasv/index.php

http://canhac.cc/rapid/index.php

http://rapid.mms-community.com/index.php?act=files

http://www.thanhniensonla.com/rapidshare/index.php

http://omgwtfbbq.biz/rap/index.php

That’s all. But it’s only one of many google dorking tricks to find RapidLeechers , just be as creative as you can. Remember , that all the RapidLeech you’ll find on google are not Private (other people might have been using them) ,and it’ll require you to wait for minutes too. Just try hard to find the Private Ones!