Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

WebShells

Posted on June 20, 2018 - August 20, 2018 by nxnjz

Basics

If you don’t understand what a shell is, click here.

A webshell is usually a web page that allows the user Operating System control, usually via a command line.

Many webshells also provide a graphical interface for ease of use.

You should only use a webshell when more conventional access, like SSH or the almost obsolete Telnet, is not available.

Some may work better than others, some may not work at all depending on the security measures employed by the target.

Watch out for webshells that are backdoored. While webshells are usually considered backdoors themselves, many of them will “phone home”, letting someone (whoever put the backdoor in place, usually the developer) know that they have been executed. That person may then use the backdoor themself for nefarious purposes.  So make sure you look at the code before using a webshell, or look at HTTP traffic generated upon execution of the file. The latter will not necessarily show the existence of the backdoor in your shell. The files listed below are from reputable sources only, so you may trust them.

 

WebShells

 

    • Laudanum at github: A collection of webshells in different languages.
    • Antak PowerShell Aspx: Simple and works very well.
    • WeBaCoo: Perl script for generating php backdoors, also allows to connect to a backdoor from your terminal for terminal-like access.
    • Weevely:  Powerful python script for generating backdoors, connecting to them, and running different modules to help with many tasks.

 

 

Posted in Web-ShellsTagged asp, aspx, backdoor, php, shell, web, webshells

Post navigation

Wifi

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Christian Mora on Installing Ampache on CentOS 7.
  • Mike on How to Install PrivateBin on Debian 9.
  • Writeup: HackTheBox Cap - Without Metasploit (OSCP Prep) - Learn from Tutorial - Abu Sayed on An Interesting Privilege Escalation vector (getcap/setcap)
  • JD on How to Install SuiteCRM on Debian 10 Buster
  • B1gD4Ddy on An Interesting Privilege Escalation vector (getcap/setcap)