For whom the Shell tolls…


Catchy title, don’t you think? ;)

Web shells provide an excellent way to exploit misconfigured web servers: SQL injection, upload scripts, WebDAV, PUT methods, etc. We can all appreciate command-line administration through the web browser! Even better, web shells often allow us to access parts of web servers that would normally be quarantined off if we had cracked SSH, FTP, etc.

So, where’s the good stuff, you ask?

We start by featuring Evil1’s paper on web shells. “The paper covers web shells in PHP, ASP, JSP, Coldfusion, and Perl as well as hacking techniques for auditing each language (brief, but to the point).”

Evil1’s paper gives us some common blackhat shells to use. These are great, and they have some magic built into them, but they don’t always fit our scope.

If only we had a project that took all the great features of these shells and cleaned them up for pentesters… oh wait, we do!

Laudanum, a Kevin Johnson (a la InGuardians) project, provides these shells for pentesters. They have most of the built-in privilege magic that the common c99 and r57 shells have, and some come with built-in authentication so malicious users can’t just pop by and use our shells.

If you skip reading the paper by Evil1 (which I don’t suggest), note that he highlights the awesome pentestmonkey reverse PHP shell, which shoots out a shell egress that we can catch with netcat. Pure awesome.

PHP, JSP, CFM, ASP, Perl, etc.: between these two resources we can control most platforms in an easy and flexible way.

Greetz to all those at Shmoo! Get me a damn t-shirt, will ya!
