Shell is a malicious piece of PHP code that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own.

How to upload

Hackers usually take advantage of an upload panel designed for uploading images onto sites. This is usually found once the hacker has logged in as the admin of the site. Shells can also be uploaded via exploits or remote file inclusion.
 

Uses

Shells have many uses. They can be used to edit the webserver directory index page of site, and then hackers can leave their mark or "deface" for visitors to the site to see when they go to the homepage. Hackers may also use it to bruteforce FTP or cpanel, allowing them more access to the website. Shells can also be used to gain root access to the site. Some hackers may choose to host malware or spyware on the sites they have uploaded their shell to using various exploits.



0 comments