Web shells explained

- Jaimin Gohel

About Speaker

 

  • InfoSec Enthusiast
  • Developer @Qloo IT Solutions
  • Speaker @MozillaGujarat

Shell

In computing, a shell is a user interface for access to an operating system's services. In general, operating system shells use either a command-line interface (CLI) or graphical user interface (GUI), depending on a computer's role and particular operation.

A web shell is a script that can be uploaded to a web server to enable remote administration of the machine.

 

Why use a web shell?

Webshell

  • Persistent Remote Access

  • Privilege Escalation
  • Pivoting and Launching Attacks

  • Zombie

 

What can we do with it?

  • File Management
  • Command line access
  • Database server access
  • Network Scanning

Versions

  • PHP, ASP.NET, JSP etc.
  • RAT (Remote Access Tool) for the web

Ways to upload a shell

  • File upload vulnerabilities
  • Insecure FTP
  • Command injection
  • Remote file inclusion
  • SQL injection
  • Vulnerable services

Popular shells

  • C99
  • C100
  • r57
  • Fx29Shell
  • PLaToShell
  • b374k
  • WSO
  • Weevely

Shell via command injection

Shell via unrestricted file upload

Shell via SQLi

Tools to find web shells

  • PHP-shell-detector
    • https://github.com/emposha/PHP-Shell-Detector
  • NeoPI
    • https://github.com/Neohapsis/NeoPI
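
Added example (not from the original slides and not code from either tool listed above): a small triage script showing the kind of heuristics a web shell scanner can combine, namely signature matches on PHP execution and decoding calls, long unbroken encoded strings, and byte entropy. The patterns, the entropy threshold, the score threshold, the function names and both sample files are assumptions constructed for this illustration.

```python
import base64
import math
import re
from collections import Counter

# Assumed indicator patterns for PHP; tune them for the code base being scanned.
EXEC_CALL = re.compile(rb"\b(eval|assert|system|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
DECODER = re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
USER_INPUT = re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\b")
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")  # long unbroken encoded string
ENTROPY_LIMIT = 5.5  # assumed threshold, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; hand-written source scores lower than encoded or packed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def score_file(content: bytes) -> dict:
    """Report which indicators fired for one file, plus their count as a score."""
    hits = {
        "exec_call": bool(EXEC_CALL.search(content)),
        "decoder": bool(DECODER.search(content)),
        "user_input": bool(USER_INPUT.search(content)),
        "long_blob": bool(LONG_BLOB.search(content)),
        "high_entropy": shannon_entropy(content) > ENTROPY_LIMIT,
    }
    return {"hits": hits, "score": sum(hits.values())}


def triage(files: dict, threshold: int = 3) -> list:
    """files maps path -> content; return the paths that need manual review."""
    return sorted(p for p, c in files.items() if score_file(c)["score"] >= threshold)


def constructed_samples() -> dict:
    """Constructed inputs: an ordinary page and an inert file with an encoded blob fed to eval."""
    blob = base64.b64encode(bytes(range(256)) * 3)  # inert filler, not a payload
    return {
        "uploads/avatar.php": b'<?php $p = "' + blob + b'"; eval(base64_decode($p));\n',
        "www/hello.php": b'<?php\nfunction greet($n) { return "Hello, " . htmlspecialchars($n); }\n'
                         b'echo greet($_GET["name"] ?? "world");\n',
    }


if __name__ == "__main__":
    for path, content in constructed_samples().items():
        print(path, score_file(content))
    print("review:", triage(constructed_samples()))
```

A single indicator (for example, a page that reads `$_GET`) stays below the review threshold; only the combination of indicators flags a file, which keeps ordinary application code out of the review queue.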

Sources

  • http://r57.gen.tr/
  • http://www.r57c99.com/
  • https://github.com/b374k/b374k
  • Kali Linux
    • /usr/share/webshells (folders organized by language)

Questions?
