Webshell Script to Upload Files Kali Linux

Hi Aspiring Hackers. In this howto, we volition learn about Webshells provided past default in Kali Linux. In a previous article , we saw how one of the most pop shells can exist used to hack a website. All the same popularity has its ain disadvantages, at the least in the field of cyber security. The C99 php shell is very well known among the antivirus. Any common antivirus volition easily detect it as malware. Although information technology is unlikely that web servers will be installed with antivirus, however it is good to stay one step alee. Then today we will see some of the least popular but yet effective spider web shells.

Every bit you all know, Kali Linux is 1 of the best pen testing distros available. It would exist very disappointing if it didn't have web shells in its arsenal. Open a terminal and navigate to the directory "/usr/share/webshells" as shown below. As yous can see, web shells are classified according to the language of the website nosotros are trying to hack. Today we volition see almost PHP shells. So get into that directory and practise an "ls". You can run into the shells below.

At present permit us see their features by uploading each one them into web server nosotros want to hack. Encounter how to upload the shells.

1. uncomplicated-backdoor.php

Equally the name clearly tells, the functioning of this shell is very simple. It is used to execute some commands on the target web server. Let us go to the shell's link after uploading and execute the "net user" control as shown below. As already used in Office ane, this command gives us all the users nowadays on the Window'south system.

Similarly let us execute another powerful command "systeminfo" to get the spider web server's whole information as shown beneath. Sorry about the conscience.

php-backdoor.php

The php-backdoor, equally the name implies  is file upload shell just used to add together more backdoors. It helps united states of america in the example where we can't easily upload whatsoever additional files we want.

I works akin to file upload part in our Part 1. As you can see below, it has upload form and a office to execute commands. We tin can too connect to the database.

php-contrary-beat out.php

Every shell doesn't require us to visit the web server. In fact we can make the webserver visit united states of america. Enter the php-opposite-shell. As its proper noun says, information technology makes a opposite connection to our attacker system. In club for this beat to make a opposite connection, it needs an IP address. So before uploading this shell we need to change the IP address in the script to our IP address ( Kali Linux ) every bit shown below. Salvage it and close it.

Next, let us start a netcat listener in one of the concluding. If yous are new to netcat the command "nc -v -n -fifty -p 1234" tells netcat to listen verbosely on port 1234. Remember the port number should be aforementioned as we specified to a higher place.

At present when nosotros upload the trounce, On kali linux nosotros will go a terminal as shown below. Striking "ls" to meet the contents of the directory.

qsd-php-backstairs.php

The qsd-php-backdoor is compatible with both Linux and Windows web servers. As nosotros upload it, it will discover whether the web server is Windows or Linux and so acts accordingly. The screenshot is shown below. Every bit yous can meet we can movement to the root directory of web server and come back, execute beat out commands and SQL queries.

You lot already know what happens when nosotros execute "systeminfo" control equally shown below.

That's about webshells in Kali Linux. Promise it was helpful.

Follow U.s.a.

viavelf1951.blogspot.com

Source: https://www.hackercoolmagazine.com/upload-shell-hack-website-web-shells-webshells/

Share this post