Shell Generator Module

#Shell Generator Module This module is to be used to generate backdoors in various languages. To maximize its full potential it can be used in conjunction with the Web Herd module. If you are not a developer but have found a way to upload a malicious script based on configurations done on various web applications , this would come in handy as your lack of knowledge would not be a hindrance in enhancing your attack. Currently it supports generating web shells in the following languages :

• PHP
• ASP
• ASPX
• JSP
• JSPX
• CFM

Without using the WebHerd Module the use case for each generated script by default will take the following format.

http://victim.site/uploaded/malicious/backdoor.extension?cmd=<command>

Take an example where an attacker finds a vulnerable XAMPP 1.7.3 with default Webdav credentials which allows you to upload a shell in: http://victim.site/webdav/shell.php the shell can be generated and used as below :

• Click Web Utils
• Click Shell Generator (by default it will be on PHP which is what we need so no need to change that value)
• Click Generate Shell
• Copy the code given and paste in shell.php
• Upload via the Webdav Exploit

Access the shell via:

http://victim.site/webdav/shell.php?cmd=whoami