Web Shells Penetration Testing (Beginner Guide)

Through this article, I would like to share file uploading using a different type of web shell scripts on a web server and try to get unauthorized access in the server.

Web shells are the scripts that are coded in different languages like PHP, Python, ASP, Perl and many other languages which further use as a backdoor for unauthorized access in any server by uploading it on a web server.

Once the shell gets uploaded on the target location, the attacker may able to perform the read and write operation directly, he will be able to edit any file or delete the file from the server.

Attacker: Kali Linux

Target: Bwapp

Let’s begin!!!

B374k Shell

 Open terminal and type following command to download b374k script from GitHub.

This is a PHP shell which provides reveres connection to the attacker machine and where he can execute the command to retrieve victim’s information.

The following command will create a malicious file shell.php as the backdoor shell with password raj123.

Now let’s open the target IP in the browser: Enter user and password as bee and bug respectively.

Set security level low, from the list box, chooses your bug select Unrestricted File Upload now and click on the hack.

Here you can see the web server allow us to upload an image under the web page of unrestricted file upload.

Click on browse to upload the shell.php in the web server and then click on upload.

Now you can read the message from the screenshot that”image has been uploaded here” which means our php backdoor is uploaded successfully. Now click on the link “here”.

Here required a password to execute shell.php and I had given raj123 as its password.

From given screenshot you can see, we are inside the directory of images.

Click on the terminal tab from the menu bar of b374k which will provide victims terminal to execute the desired commands. From the given image you can read the command which I have executed.

Now I will connect b347k shell from netcat and try to access victim’s shell. Open the terminal in Kali Linux and type following command for netcat.

Inside shell b347k from menu select network option to open bind connection give IP of target: as server IP and port 8888 now scroll down the list and select Perl then click on run.

This will give you reverse connection on netcat and from the given screenshot you can read the victim information which I have got when I execute the following commands.

C99shell Shell

Download c99shell from the given link

 C99shell is a PHP backdoor which provides details of files and folders when it gets uploaded and let you perform command execution through it.

This time again open web server IP in the browser to upload the c99shell.php

Here you can read the message from the screenshot that”image has been uploaded here” which means our php backdoor is uploaded successfully. Now click on the link “here”.

Here our php malicious file is executed where it is dumping the names of 25 files. From the screenshot, you can see all files under images directory are jpg, png, gif images.

Now select bind option from the menu to connect host from netcat. Repeat the same process to run netcat at the background and then give host IP: and port: 8888 select using Perl and click on connect.

This will give you a reverse connection on netcat.

Weevely Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime, designed for remote server administration and penetration testing.

Its terminal executes arbitrary remote code through the small footprint PHP agent that sits on the HTTP server. Over 30 modules shape an adaptable web administration and post-exploitation backdoor for access maintenance, privilege escalation, and network lateral movement, even in a restricted environment.

Open the terminal and type following command which will create a web shell as backdoor.php on the Desktop with password pass.

Open the target location where you want to upload your backdoor. Now I am going to browse weevely.php and then click on upload to upload your web shell. Now you can see from the given screenshot the weevely.php has been successfully uploaded.

Make a right click on the link “here” and click on copy link location.

Again type the following command to start the attack on the web server and post above-copied URL with password raj123 inside the weevely command.

 Now you can see that I have got victim shell through Weevely. Now type the following command to retrieve victim’s information.

Type help in front of weevely which will show all module present inside it.

WSO Shell

 Download this script from the given link.

This also a PHP script which is quite similar to c99shell.php & b347k.php shells and performs the same function as the c99 script.

Again repeat the same process to upload wso2.5.1.php script inside the bwapp then click on the link “here”.

After executing the shell, you will see it has retrieved the basic information of the target and dump the files and folder names.

Now all options are the same as above, now try yourself to connect this shell with netcat.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

1 Comment Web Shells Penetration Testing (Beginner Guide)

Leave a Reply

Your email address will not be published. Required fields are marked *