Today we are going to discuss what a shell and a web shell are. Let's start with the shell.
You turn on your computer and see beautiful colors, themes, great icons and more. This kind of interface, built from graphics, is called a Graphical User Interface (GUI). Before that advance in technology we had the Command Line Interface (CLI). In a GUI we use the mouse, graphical buttons and so on. In a CLI, by contrast, there is a command for everything: copying files, creating directories, killing processes and so on. A shell is the program that reads those commands and runs them on a device.
Command Line Interfaces still exist in the age of the graphics revolution and hopefully always will. The Unix/Linux terminal and the Windows Command Prompt are good examples of Command Line Interfaces.
Most of the time, when a hacker gains access to a machine, that access takes the form of a shell. So if you hear someone say "Hi! I have a shell on the professor's computer", it means that person broke into the professor's computer and can now run commands on it through a shell.
A web-based script or program that gives access to the host server is called a web shell. You upload a web shell through a web application (a website) and it gives you access to the server. The web shell must be written in a language the web server supports: if the server runs ASPX you need to upload an ASPX web shell, if it runs PHP you need a PHP shell, and so on.
This is what a web shell looks like:
This is a very basic web shell; more sophisticated shells have more advanced features.
Uses of Web Shells
- Backdoor: A web shell acts as a backdoor into the web server. The attacker can get back into the server through the web shell at any time instead of having to exploit a vulnerability every time.
- Zombie: The web shell can turn the web server into a zombie. A zombie is a backdoored device that executes commands received from a C&C (Command and Control) server. A large number of zombies connected to a C&C form a botnet. Botnets are commonly used for DDoS, where the attacker needs a large number of computers to carry out the attack.
- Privilege Escalation: Usually the web shell does not have root permissions, because it runs with the web server's permissions. But the attacker can gain root by using a local exploit, which can lead to a complete server takeover.
- Pivoting: Once the attacker has access to a server, he can launch attacks against other servers or scan them. He can use the hacked server as a proxy, or even sniff the whole network with that access.
Some shells have a lot of features while others are minimalistic and designed to be stealthy. Black hats are often obsessed with web shells because they need them to build botnets, infect servers and so on. Web shells are usually uploaded by exploiting a file upload vulnerability or by gaining access to the website's admin panel.
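Because a web shell is just a script that hands request input to a command-execution function, the simplest way to hunt for one is to scan the web root for exactly that combination. The scanner below is an added example, not code from the original post; the file names and contents are constructed sample data, and the pattern list covers the common PHP execution functions (a shell that stores the input in a variable first and executes it on a later line would slip past this line-based check).

```python
import re

# PHP functions that pass a string to the OS or to the interpreter; the usual
# building blocks of a PHP web shell.
EXEC_FUNCS = r"(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
# Request-controlled input that a web shell reads its command from.
REQUEST_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)"

# An exec-type call whose argument list (within the same statement) contains
# request input, possibly wrapped in a decoder such as base64_decode().
SHELL_PATTERN = re.compile(
    rf"\b{EXEC_FUNCS}\s*\([^;]*?{REQUEST_INPUT}", re.IGNORECASE)


def find_webshell_indicators(path, source):
    """Return (path, line_no, snippet) for each line that looks like a web shell."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if SHELL_PATTERN.search(line):
            findings.append((path, line_no, line.strip()))
    return findings


def scan_files(files):
    """Scan a mapping of path -> file contents and collect all indicators."""
    results = []
    for path, source in files.items():
        results.extend(find_webshell_indicators(path, source))
    return results


# Constructed sample web root: two ordinary pages and two web-shell-like files.
# contact.php also reads $_POST, but never passes it to an execution function.
SAMPLE_FILES = {
    "index.php": "<?php echo 'Welcome'; include 'header.php'; ?>",
    "contact.php": "<?php $name = $_POST['name']; mail('a@b.c', 'hi', $name); ?>",
    "uploads/img.php": "<?php system($_GET['cmd']); ?>",
    "cache/x.php": "<?php eval(base64_decode($_POST['p'])); ?>",
}

if __name__ == "__main__":
    for path, line_no, snippet in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {snippet}")
```

Pair a scan like this with file-integrity monitoring of the web root, since a new or modified script in an uploads or cache directory is itself a strong signal even when the content is obfuscated enough to evade the pattern.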