This article presents a general explanation of Web Shells, explores their various types, and discusses common strategies used for their deployment.
Despite their deceptive simplicity, Web Shells pose a significant security risk by enabling attackers to remotely access (hijack) and control servers.
Web Shell Explained
- A Web Shell is unauthorized, stealthy software planted on a web server that gives an attacker remote access to the system
- Its significance as a threat lies in its evasive nature and its ability to grant attackers administrative privileges, enabling actions such as:
  - Website vandalism
  - Orchestrating Distributed Denial of Service (DDoS) attacks
  - Privilege escalation attacks for accessing restricted services
  - Any action a legitimate root user could execute
Web Shell Classifications
- Bind Shell
  - The implant on the victim's system listens on a specified port and waits for the attacker to connect, creating a classic backdoor
- Reverse Shell
  - Also known as a connect-back shell; the compromised system initiates an outbound connection to the attacker's machine or Command and Control (C2) server
- Double Reverse Shell
  - A variant of the reverse shell in which the target machine uses distinct ports for input and output
Deploying Web Shells
NOTE: The typical steps an attacker takes to deploy a web shell are as follows.
- Leverage a vulnerability to upload the web shell (payload) onto the target machine
- Move the web shell into a publicly reachable directory so it can be requested through the web server
- Use the web shell to modify or upload files
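As an added defender-side example (not part of the original article), a small Python scanner that looks for the artifacts the deployment steps above leave behind: server-executable files sitting in an upload directory, and source that combines a command-execution call, obfuscation and request input. The indicator lists, directory names and fixture files are constructed assumptions for illustration, not a complete signature set.

```python
import re
import tempfile
from pathlib import Path

# Constructed indicator set (hypothetical, not exhaustive): extensions the web
# server would execute, directory names that should only hold static uploads,
# and source patterns that recur in PHP/JSP web shells.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".jsp", ".jspx", ".asp", ".aspx"}
UPLOAD_DIRS = {"uploads", "upload", "images", "media", "tmp"}
SHELL_PATTERNS = {
    "dangerous call": re.compile(r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\("),
    "obfuscation": re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\("),
    "request input": re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\["),
    "java exec": re.compile(r"Runtime\.getRuntime\(\)\.exec\s*\("),
}

def score_file(root: Path, path: Path) -> list[str]:
    """Return the reasons a file looks like a web shell (empty list = clean)."""
    reasons = []
    if path.suffix.lower() not in EXECUTABLE_EXT:
        return reasons
    if any(p.lower() in UPLOAD_DIRS for p in path.relative_to(root).parts[:-1]):
        reasons.append("executable file inside an upload directory")
    text = path.read_text(errors="replace")
    reasons += [name for name, rx in SHELL_PATTERNS.items() if rx.search(text)]
    # Two or more indicators together separate a shell from ordinary application
    # code that merely reads request parameters.
    return reasons if len(reasons) >= 2 else []

def scan_webroot(root: Path) -> dict[str, list[str]]:
    """Walk a web root and map each suspicious file (posix relative path) to its reasons."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = score_file(root, p)
            if reasons:
                findings[p.relative_to(root).as_posix()] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed web root in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp())
    (root / "uploads").mkdir()
    (root / "index.php").write_text('<?php echo "Hello, " . htmlspecialchars($_GET["name"]); ?>')
    (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # benign static upload
    # Constructed fixture: a minimal one-line shell dropped into the upload directory.
    (root / "uploads" / "avatar.php").write_text('<?php @eval(base64_decode($_POST["p"])); ?>')
    return scan_webroot(root)

if __name__ == "__main__":
    for f, why in demo().items():
        print(f"{f}: {', '.join(why)}")
```

Run as a periodic job over the real web root (or as a hook on new uploads) and alert on any hit; the two-indicator threshold keeps `index.php`-style files that only read request parameters out of the results.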