Two Chinese security researchers have created a new Web shell that they open-sourced on GitHub for everyone to use, including the bad guys.
Seen for the first time in December 2015, this new tool, named Cknife, is coded in Java and includes server-side components that allow it to connect to Java, PHP, ASP, and ASP.NET servers.
The authors of this new tool are two Chinese security researchers, Chora and MelodyZX, also known as MS509Team.
Cknife created as a modern clone of China Chopper
According to a Recorded Future investigation, the two wanted to create a clone of China Chopper, a very efficient yet outdated (code-wise) Web shell that was launched in 2013 and has been the preferred tool of Chinese red teams, criminal groups, and APTs.
There are a few things that Cknife and China Chopper have in common, like an icon and some quirks in dealing with HTTP requests, but the two tools are otherwise different, with Cknife being coded in Java while China Chopper was written in C++.
Additionally, Cknife opens connections between the Web shell GUI and the infected server via HTTP, while China Chopper uses HTTPS. Recorded Future says that Cknife's authors promised to add support for HTTPS in the coming months.
Full article: New Made-in-China Web Shell Threatens the Security of Web Servers Worldwide