Web Shells
A brief introduction to web shells.
What are web shells?
To put it simply, web shells are scripts placed onto web servers in order to gain remote code execution.
How are web shells delivered?
A common method of delivery is a file upload attack on the website. Some websites lack sufficient defense mechanisms, such as file upload validation, to prevent malicious files from being uploaded onto the backend server.
For example, an image sharing website should only allow certain file extensions (PNG, JPG, etc.) to be uploaded. If file validations don’t exist, an attacker will be able to upload a script (ASPX, PHP, JSP).
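The upload validation described above, sketched from the defender's side for the image sharing case. This is an added example, not code from the original page; the function name, size limit and sample file names are assumptions made for illustration.

```python
import os
import secrets

# Allowlist for the image-sharing case: extension -> accepted leading bytes.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit for this example


def validate_upload(client_name, data):
    """Return (ok, reason, stored_name) for an uploaded file."""
    # Drop any directory part the client sent; only the final extension counts,
    # so "x.png.php" is judged as ".php".
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed", None
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    # The content must start with the signature that matches the extension.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension", None
    # Never reuse the client's file name: store under a random name
    # with an extension taken from the allowlist.
    return True, "ok", secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads (not real files).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("cat.PNG", png),
        ("script.php", png),
        ("script.png.php", png),
        ("script.php.png", b"plain text, not image data"),
        ("../../other/dir/x.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ]
    for name, body in samples:
        print(name, "->", validate_upload(name, body))
```

A signature check only inspects the first bytes of the file, so the upload directory should also be served without script execution.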
How do web shells work?
Let’s take a peek at some common web shells to better understand how they work.
Work In Progress