wireghoul / htshells Goto Github PK

Hello,

Im actually testing your shells in a Windows with Xampp and when I was trying to access to the .htaccess I was not able to read the file, so I just changed the rule for this other:

<Files ".ht*">
Require all granted

After that everything was working perfectly. Maybe depending on the apache version there are diferent rules, I think you should write both rules in your webshells to make sure it works in every server, the 'requiere all granted' and the 'allow from all'.

Thanks and good job!

Hello,
I tried to use your stealth htaccess.
I saved this file https://github.com/wireghoul/htshells/blob/master/mod_php.stealth-shell.htaccess as .htaccess and too as favicon as described at :
http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
I saved client from here: https://github.com/wireghoul/htshells/blob/master/stsh.pl

$ perl stsh.pl http://172.16.202.134/favicon.ico
Connecting to shell at http://172.16.202.134/favicon.ico - type 'exit' to exit
shell> id
Error! No payload in response!

shell> exit
Error! No payload in response!
$ perl stsh.pl http://172.16.202.134/.htaccess
Connecting to shell at http://172.16.202.134/.htaccess - type 'exit' to exit

I already have AllowOveride All into my apache directive.
Please, can you show me a correct direction to use this ?
Regards,

I'm looking to port this to metasploit, however on an ubuntu 20.04 apache 2.4.41 box with https://github.com/wireghoul/htshells/blob/master/shell/mod_cgi.shell.bash.htaccess I'm getting AH01630: client denied by server configuration: /var/www/html/.htaccess