Friday, February 19, 2016

How to open Shell on web server using PHP

Web servers are the most vulnerable to attacks, because they are directly connected to the internet and that is what they are meant for. So for a hacker, a web server is a good place to start. Spidering the web site, directory traversal, catching cross-site scripting and finding holes in a web site lead to a good hack. So here I'm going to explain a good trick to hack a web site using a PHP script. But there have to be some vulnerabilities in the particular web site for this hack to work.

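<?php
// Run a shell command on the server and capture its output
$output = shell_exec('ls -lart');
// Print the output in the browser, keeping the line breaks
echo "<pre>$output</pre>";
?>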


If you are using Apache, go to the www/html/ directory, copy this code into a text editor and save it as shell.php. Now open your browser, type localhost/shell.php and press enter. You will see your web server's root directory file list in the browser. This is the basis of the script that I'm going to talk about. In it we have used the shell_exec function to interact with our server's terminal. So with a script like this we can take advantage of the web server's system vulnerabilities to reach our goal.

Most web servers connected to the internet are vulnerable to this kind of attack because they have not set certain security measures. They allow users to upload files to the server, so a hacker can take advantage of this.
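Seen from the server owner's side, a script like shell.php is easy to spot on disk. The following is an added example, not code from the original post: a small Python scanner that walks a web root and reports PHP files that call shell_exec or its sibling functions, plus any PHP file sitting in an upload directory. The directory names in UPLOAD_DIRS and the sample files in demo() are assumptions made up for the example.

```python
import os
import re
import tempfile

# PHP calls that pass a string to the OS shell. shell_exec is the one used in
# the script above; the others are its standard-library siblings.
EXEC_CALL = re.compile(
    r"\b(shell_exec|exec|system|passthru|popen|proc_open)\s*\(", re.IGNORECASE)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")
UPLOAD_DIRS = {"uploads", "upload", "files"}  # assumed names; adjust per site

def scan_file(path):
    """Return the sorted command-execution calls found in one PHP file."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    return sorted({m.group(1).lower() for m in EXEC_CALL.finditer(text)})

def scan_webroot(root):
    """Map relative path -> findings for every suspicious PHP file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hits = scan_file(full)
            # PHP inside an upload directory is a finding whatever it contains.
            if UPLOAD_DIRS & set(rel.split("/")[:-1]):
                hits.append("php-in-upload-dir")
            if hits:
                findings[rel] = hits
    return findings

def demo():
    """Scan a constructed web root: a clean page, an uploaded shell, a text file."""
    samples = {  # constructed sample files, not taken from a real server
        "index.php": "<?php echo 'hello'; ?>",
        "uploads/shell.php": "<?php $output = shell_exec('ls -lart'); echo $output; ?>",
        "uploads/note.txt": "shell_exec('id')",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Legitimate code also uses some of these names (a database wrapper's exec method, for instance), so treat the output as a list of files to review rather than a verdict.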

In such a situation you can upload the well-known files called "PHP shell". You can download these files from this link
  For testing you can place these files in your root web directory (/www/html/) and simply go to your web browser as above and type localhost/pwhash.php.

Here you can create a user and a password for the phpshell script. We have to put that username and password into the phpshell.php script. So first fill in any user name and password you like and click on update. It will generate a hash for the password next to the username. You will be asked to copy that under the [users] section of the config.php file. Copy it, and now type localhost/phpshell.php in the URL bar.



Now you will get a login screen. Type the username and password you created and log in. Now you see that we are in the terminal with root privileges and we can execute any command.

Now if you want to upload this to a remote web server and test, simply upload phpshell.php and config.php. Those two files are enough for our hack. If the server has FTP enabled and you broke the FTP password or anonymous access is enabled, and the FTP root directory is in the web server's root directory (such as on an IIS server), you have an easy hack using these two files. Just upload the files and type the URL to open phpshell in your web browser. Then type the user name and password that you've created and log in.

You can use this as you wish for many purposes, not only hacking. It's up to you, and this is a simple guide to phpshell.

Happy hacking!
