A web shell is a shell-like interface that enables a web server to be remotely accessed, often for the purposes of cyberattacks.[1] A web shell is unique in that a web browser is used to interact with it.[2][3]
A web shell could be programmed in any programming language that is supported on a server. Web shells are most commonly written in PHP due to the widespread usage of PHP for web applications. Though Active Server Pages, ASP.NET, Python, Perl, Ruby, and Unix shell scripts are also used.[1][2][3]
Using network monitoring tools, an attacker can find vulnerabilities that can potentially allow delivery of a web shell. These vulnerabilities are often present in applications that are run on a web server.[2]
An attacker can use a web shell to issue shell commands, perform privilege escalation on the web server, and the ability to upload, delete, download, and execute files to and from the web server.[2]
^ ab"How can web shells be used to exploit security tools and servers?". SearchSecurity. Archived from the original on 2019-03-28. Retrieved 2018-12-21.
^ abcdUS Department of Homeland Security (9 August 2017). "Web Shells – Threat Awareness and Guidance". www.us-cert.gov. Archived from the original on 13 January 2019. Retrieved 20 December 2018. This article incorporates text from this source, which is in the public domain.
^ abadmin (3 August 2017). "What is a Web shell?". malware.expert. Archived from the original on 13 January 2019. Retrieved 20 December 2018.
A webshell is a shell-like interface that enables a web server to be remotely accessed, often for the purposes of cyberattacks. A webshell is unique...
Look up shell in Wiktionary, the free dictionary. Shell may refer to: Shell (structure), a thin structure Concrete shell, a thin shell of concrete, usually...
security) Hacktivism Lamer List of convicted computer criminals Luser Noob Webshell, a tool that script kiddies frequently use Mead, Nancy R.; Hough, Eric;...
Shell plc is a British multinational oil and gas company headquartered in London. Shell is a public limited company with a primary listing on the London...
server, allowing users to run a web browser for the price of a shell account. While direct internet connections made shell accounts largely obsolete for...
Web content archived. We recognize that Ms. Shell has a valid and enforceable copyright in her Web site and we regret that the inclusion of her Web site...
improved security over dynamic websites (dynamic websites are at risk to webshell attacks if a vulnerability is present) Improved performance for end users...
publicly editable repositories to harm its reputation. Methods such as a webshell may be used to aid in website defacement. Religious and government sites...
PowerShell is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language...
install a webshell, providing a backdoor to the compromised server, which gives hackers continued access to the server as long as both the webshell remains...
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable...
Progressive web apps employ the progressive enhancement web development strategy. Some progressive web apps use an architectural approach called the App Shell Model...
execution on the web server that runs the affected web application. An attacker can use remote code execution to create a webshell on the web server, which...
A nutshell is the outer shell of a nut. Most nutshells are inedible and are removed before eating the nut meat inside. It covers and protects the kernel...
Riskware Security in Web apps Social engineering (security) Targeted threat Technical support scam Telemetry software Typosquatting Web server overload causes...
from the old Italian term for the cowrie shell (porcellana) due to their similar appearance. Cowrie shells have held cultural, economic, and ornamental...
actors. This could include using anonymity tools (such as a VPN or the dark web) to mask their identities online and pose as criminals. Likewise, covert...
and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected. Spyware is frequently associated...
exploited to allow hackers to, for example, upload their files (such as a webshell) that collect sensitive information. Developers can also use tools to...
midden or shell heap) is an old dump for domestic waste which may consist of animal bone, human excrement, botanical material, mollusc shells, potsherds...
(2014). Grey Hat SEO 2014: The Most Effective and Safest Techniques of 10 Web Developers. Secrets to Rank High including the Fastest Penalty Recoveries...
chattels United States Secret Service Virtual crime White-collar crime Webshell Sukhai, Nataliya B. (8 October 2004). "Hacking and cybercrime". Proceedings...