Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Self contained htaccess shells and attacks
Perl
tree: 3c6819b643

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
LICENSE
README
apache.dos.htaccess
htaccess.php
mod_auth_remote.phish.htaccess
mod_badge.admin.htaccess
mod_caucho.info.htaccess
mod_caucho.shell.htaccess
mod_cgi.shell.bash.htaccess
mod_cgi.shell.windows.htaccess
mod_clamav.info.htaccess
mod_hitlog.info.htaccess
mod_include.shell.htaccess
mod_info.info.htaccess
mod_ldap.info.htaccess
mod_perl.shell.htaccess
mod_php.shell.htaccess
mod_php.shell2.htaccess
mod_php.stealth-shell.htaccess
mod_rewrite.dos.htaccess
mod_sendmail.rce.htaccess
mod_status.info.htacess
stsh.pl

README

HTSHELLS - Self contained web shells and other attacks via .htaccess files.

Attacks are named in the following fashion, module.attack.htaccess.
Pick the one you need and copy it to a new file named .htaccess, check the file to see if it needs editing before you upload it.
Web shells executes commands from the query parameter c, unless the file states otherwise.

- apache.dos.htaccess
  Makes all requests return a 500 internal server error

- mod_auth_remote.phish.htaccess *untested*
  Forward basic auth credentials to server of your choice

- mod_badge.admin.htaccess
  mod_badge admin page binding

- mod_caucho.info.htaccess *untested*
  Server status binding for the mod_caucho Resin java server module

- mod_caucho.shell.htaccess *untested*
  JSP based web shell

- mod_cgi.shell.windows.htaccess *untested*
  Gives shell through php.exe via apache cgi configuration directives

- mod_clamav.info.htaccess
  Clamav status page binding

- mod_hitlog.info.htaccess
  Directory traversal attack via hitlog module tries to read /etc/passwd

- mod_info.info.htaccess
  Server info binding for Apache

- mod_include.shell.htaccess
  Server Side Include based web shell, access via http://domain/path/.htaccess?c=command

- mod_ldap.info.htaccess *untested*
  Server status binding for the mod_ldap server module

- mod_perl.shell.htaccess *incomplete*
  TODO

- mod_php.shell.htaccess
  PHP based web shell access via http://domain/path/.htaccess?c=command

- mod_php.stealth.shell.htaccess
  PHP based stealth backdoor - see http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html for tutorial

- mod_rewrite.dos.htaccess
  Regular expression dos condition in mod_rewrite consumes a child process

- mod_sendmail.rce.htaccess *untested*
  Executes commands configured in the .htaccess file by specifying path and arguments to "sendmail" binary

- mod_status.info.htacces
  Server status binding for Apache

Wireghoul - http://www.justanotherhacker.com
Something went wrong with that request. Please try again.