How to Upload a Shell to a Website

Introduction

In this tutorial, we will demonstrate how to easily upload a backdoored PHP web crush on a target WordPress site via the aggressor's browser with previously caused WordPress admin credentials. Nosotros'll likewise provide some useful security tips on preventing adversaries from uploading a PHP web vanquish.

Web shells are deemed to exist post-exploitation tools. Prior to a spider web shell beingness deployed in a cyber assault, a vulnerability ought to be discovered on an adversarial web application.

A common method to initially uploading a web beat on a target's site is by ways of a spider web page where file uploading is possible. For instance, an attacker could utilize a form on the target'southward website which permits visitors to submit something. In that example, a local file inclusion (LFI) vulnerability may be executable in the target web awarding to include the web shell in the relevant page.

The best PHP shells are available to download for free.

Disclaimer: This is an ethical hacking tutorial. Nosotros are non responsible for your own actions.

Uploading A Beat out On A WordPress Site

We volition illustrate two ethical hacking methods for uploading a spider web shell to a WordPress site easily.

Method ane: File Manager Plugin

We will install a WordPress plugin called File Manager that will permit us to install a PHP web vanquish on the target server.

Before we can go on, ensure that you are logged in as a WordPress admin to access the backend dashboard.

one. In The WordPress Admin Dashboard, Go To Plugins > Add New.

In the search box located to the right, type "file managing director".

ii. Click "Install Now" Push button Of File Manager To Install The Plugin.

The File Director plugin allows us to upload a shell easily to the target site.

3. Click "Activate" Button Of File Manager To Actuate The Plugin.

4. Go To File Manager.

five. Upload Your PHP Spider web Trounce Via File Manager Plugin.

In this tutorial, we'll choose to upload the c99 shell to our exam server.

6. Under File Manager Manager, Click On Your PHP Shell.

Our instance shows that we select c99.php.

7. Observe That Your Shell Has Been Uploaded.

Congratulations! Your shell has been updated to the target server.

If you want to delete a shell, go back to the File Manager interface and right click to delete information technology.

Method 2: Theme Upload

Some other way to upload a shell on a WordPress site is to put in the shell in the theme folder and shrink information technology to a zip binder. You could even modify an existing theme file and insert the backdoor code into it.

This technique could serve to be more than viable than straight editing a theme's file using the Theme Editor born WordPress. The reason is that the site ambassador may have already disabled the ability to edit theme files in the WordPress interface for security purposes.

Preventing Hackers From Uploading A PHP Web Shell

Preventing attackers from being able to upload and execute their web shells is undoubtedly viable. The subsequent recommendations may assist in mitigating the risks of webshells:

• Deploy a reputable enterprise Web Awarding Firewall (WAF) such as F5, Akamai, or Imperva. Either on-premises, in the cloud, or a combination of both will suffice. Note that a WAF does not serve as a substitute for poor security habits. An attacker may be able to featherbed a WAF contingent on the circumstances.
• Obtain third-party penetration testing services to perform penetration testing on your server and application.
• Patch the system and awarding when an update is available as soon every bit possible.
• In the event that your site has become compromised past a malicious cyber actor, you ought to modify all of your existing account credentials that are tied to your site. Moreover, your customer's credentials will as well be compromised, and they should be notified to alter their credentials also.
• Customize your default WordPress installation and apply hardening techniques to strengthen the CMS. For case, change the name of your WordPress contents folder (default is wp-content) and uploads folder (wp-content/uploads) to subtract the risk of compromise by automated hacking tools and bots.
• Install and utilize a security plugin such equally Wordfence or iThemes Security Pro.
• Modify your server's existing php.ini file to forbid base64_decode functionality. Locate the line that says "disable_functions =" and modify it to "disable_functions = eval, base64_decode, gzinflate".
• Professional person penetration testers should always deploy manual and automated pentests including web vulnerability scanners such equally Acunetix and Burp Suite Professional.
• Apply ModSecurity to browse every zipper file that is uploaded.
• Be aware that item file types like .jpg and .gif may include destructive PHP code inside the paradigm headers.
• Utilize 2-factor hallmark on the WordPress CMS to decrease security risks in your corporate environment.

The in a higher place advice is significant, but there are other ways to ameliorate WordPress security.

Information technology is essential to protect your WordPress installation as hackers can e'er take advantage of free tools to scan your site for potential vulnerabilities that they can exploit.

Sunny Hoi

Sunny Hoi is the Founder and Editor-In-Chief of 1337pwn. Equally a security researcher and digital forensic annotator, he is actively engaged in technical research and evolution. Sunny is distinguished for his technical sophistication and unique capabilities. He is a University of Toronto alumnus.

whitneypubset.blogspot.com

Source: https://www.1337pwn.com/how-to-upload-php-web-shell-on-wordpress-site/

Share this post