Forum Thread: WebShells ...

So i have recently started looking into pentesting on the webapps side on things, never really had an interest in web hosting and pentesting, but now due to my work i need to get more of a hold on this area.

I detected on my SIEM a weird hit on a .gif file. Reading further into this i suspect it was a php shell hidden in a gif.

So i have got a php shell , from github, but not sure how to add it into a gif, ive looked at steganography but i dont think this is what im after here... looked at EXIF editors but again not too sure.

I use kali linux so ideally if there is a tool in there i can use to add a.php file to a image file i can then upload it to my own hosting provider and teach myself about it and the signs to look for.

Can anyone point me in the right direction on what to look for?
Much appreciated for any help.

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

3 Responses

You should look up for c99. Its a php shell.
The tricky part is to get it on a server.

For instance a website has some kind of upload function for profile picture or some stuff like that, they check the file extension so you cant upload .php or .exe files. You have to figure out how to get it on the system with the desired extension, bypassing the extension check of the web server.

exifl is the tool you looking for
cracker hacker already has a tut on that

ok cool i will look here for the tutorial

Share Your Thoughts

  • Hot
  • Active