Web Shells Penetration Testing (Beginner Guide)

Through this article I would like to share file uploading using different type web shell scripts on a web server and try to get unauthorized access in the server.

Web shells are the scripts that are coded in different languages like PHP, Python, ASP, Perl and many other languages which further use as backdoor for unauthorized access in any server by uploading it on a web server.

Once the shell get uploaded on the target location, the attacker may able to perform the read and write operation directly, he will be able to edit any file or delete the file from the server.

 Attacker: Kali Linux

Target: Bwapp

Let’s begin!!!

 B374k Shell

 Open terminal and type following command to download b374k script from github.

 Git clone https://github.com/b374k/b374k

 This is a PHP shell which provides reveres connection to the attacker machine and where he can execute the command to retrieve victim’s information.

Following command will create a malicious file shell.php as the backdoor shell with password raj123.

Php –f index.php — -o shell.php –p raj123

Now let’s open the target IP in browser: 192.168.1.103:81/bWAPP/login.php. Enter user and password as bee and bug respectively.

Set security level low, from list box chooses your bug select Unrestricted File Upload now and click on hack.

Here you can see the web server allow us to upload an image under the web page of unrestricted file upload.

Click on browse to upload the shell.php in the web server and then click on upload.

Now you can read the message from the screenshot that”image has been uploaded here” which means our php backdoor is uploaded successfully. Now click on the link “here”.

Here required password to execute shell.php and I had given raj123 as its password.

From given screenshot you can see, we are inside the directory of images.

Click on terminal tab from menu bar of b374k which will provide victims terminal to execute the desired commands. From given image you can read the command which I have executed.

Lsb_release -a

Now I will connect b347k shell from netcat and try to access victim’s shell. Open the terminal in kali Linux and type following command for netcat.

nc 192.168.0.103 8888

 Inside shell b347k from menu select network option to open bind connection give IP of target: 192.168.0.103 as server IP and port 8888 now scroll down the list and select Perl then click on run.