wireghoul / htshells Goto Github PK
View Code? Open in Web Editor NEWSelf contained htaccess shells and attacks
Home Page: http://www.justanotherhacker.com/projects.html
License: GNU General Public License v3.0
Self contained htaccess shells and attacks
Home Page: http://www.justanotherhacker.com/projects.html
License: GNU General Public License v3.0
Hello,
Im actually testing your shells in a Windows with Xampp and when I was trying to access to the .htaccess I was not able to read the file, so I just changed the rule for this other:
<Files ".ht*">
Require all granted
After that everything was working perfectly. Maybe depending on the apache version there are diferent rules, I think you should write both rules in your webshells to make sure it works in every server, the 'requiere all granted' and the 'allow from all'.
Thanks and good job!
Hello,
I tried to use your stealth htaccess.
I saved this file https://github.com/wireghoul/htshells/blob/master/mod_php.stealth-shell.htaccess as .htaccess and too as favicon as described at :
http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
I saved client from here: https://github.com/wireghoul/htshells/blob/master/stsh.pl
$ perl stsh.pl http://172.16.202.134/favicon.ico
Connecting to shell at http://172.16.202.134/favicon.ico - type 'exit' to exit
shell> id
Error! No payload in response!
shell> exit
Error! No payload in response!
$ perl stsh.pl http://172.16.202.134/.htaccess
Connecting to shell at http://172.16.202.134/.htaccess - type 'exit' to exit
I already have AllowOveride All into my apache directive.
Please, can you show me a correct direction to use this ?
Regards,
I'm looking to port this to metasploit, however on an ubuntu 20.04 apache 2.4.41 box with https://github.com/wireghoul/htshells/blob/master/shell/mod_cgi.shell.bash.htaccess I'm getting AH01630: client denied by server configuration: /var/www/html/.htaccess
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.