When do You Need WebShell

Source: Internet
Author: User
Keywords webshell webshell attack webshell php
Generally, you will need a WebShell very much in the following scenarios:

You discovered and exploited a website vulnerability

Got web permissions but no system permissions

Hope to connect the system gracefully next time

The main function
In different usage scenarios and operating environments, the functions of WebShell are not the same. Typical WebShell functions mainly include the following categories:

Environmental probe

Resource management

File editing

Execute OS commands

Read registry

Create Socket

Call system components

Taking execution commands as an example, WebShell can call internal functions of script files to execute operating system shell commands. As long as the permissions are sufficient, you can play this function infinitely.


<?php echo system($_GET['cmd']); ?>




extensions
In fact, after years of application and expansion in the industry, WebShell has become more and more powerful. In some specific scenarios, WebShell can often play a super lethality.

Privilege escalation

In general, the permissions of WebShell are equivalent to those of Web Server. If you need more advanced system permissions, you need to increase the execution permissions of the shell. Some powerful WebShells can help attackers to elevate the permissions of Web Servers such as IIS/Apache/Nginx to the operating system Administrator/Root permissions.

DDoS

Using the computing power and bandwidth resources of the Web server to launch DDoS attacks can replace the clients that need to be implanted with Trojan horses in traditional botnets.

Web page hanging horse

The content of the webpage code is tampered with, and malicious JS code is implanted, so as to brush traffic and steal Cookies; even more, implant 0Day attack code for browsers or controls for visitors.

"Black Hat" SEO

It can only be said that this is a large industrial chain, and different content can be returned to crawlers and real users through page hijacking. You see in search engines that the titles of many gov websites are unsightly, which is usually a sufficient proof that this website has fallen. To see the effect, Baidu "inurl:gov.cn Mark Six" by yourself.

Proxy server

It is common for websites to be taken down and used as proxy servers. As we all know, usually websites are not lost in the IDC computer room, and the computing power and bandwidth resources are very abundant, so it is a very good choice to use as a proxy server. Especially when you want to access certain overseas resources, having an IDC server can help you make a ferry, which will be much faster.

Port scan

Although using a Web server as a scanner is inefficient and may not fully meet the requirements, it can effectively conceal the identity of the attacker to a certain extent.

Intranet detection

Web servers can often communicate directly with other servers in the intranet, such as database servers, LDAP servers, etc. Making full use of this advantage of WebShell can help intranet penetration attacks. The security policy between intranet servers is relatively loose, and the request response delay is low. WebShell is one of the best tools for spying on intranet intelligence.

Use your imagination

The powerful function of WebShell depends entirely on your imagination!

Classification based on function strength
Full-featured: everything can be done

Decathlon in the WebShell world. Of course, the basis for powerful functions is the large amount of code. Its string characteristics are obvious, and it is easy to be checked and killed by security tools.

Resource management: file and directory management

Usually this type of WebShell is called a webmaster management tool, which is convenient for webmasters to edit website files online. Of course it can also be used for malicious operations:)

Command execution: execute system commands

As the name suggests, the WebShell is only responsible for executing system commands. If the system commands are used well, everything can be done! for example:

http://www.example.com/cmd.php?cmd=cat /etc/passwd

Upload type: responsible for uploading "Malaysia"

In some special scenarios, the attacker cannot upload a versatile WebShell with a length of more than a few hundred K. In this case, you can choose to upload a simple "repeater" first. The relay WebShell is only responsible for one function, providing the ability to create new files on the server.



One-sentence type: short and powerful

As the name suggests, the code of this WebShell is only one line. Because of its short size, it has become an indispensable tool for home travel, killing, and penetration testing. In a word, WebShell is usually used to execute the script code passed by the client, not the parameters of a certain function or module. This provides a huge room for imagination for WebShell function expansion. A typical one-sentence WebShell code is as follows:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.