A Good Shell Is Hard to Choose

Reporter The Coalfire Blog
Modified 2018-03-26T16:24:58


I recently had the opportunity to speak at BSides SLC, held on the Sandy campus of Salt Lake Community College. I tailored my presentation to the student demographic and chose to talk about one of the fundamental concepts that a penetration tester must understand: types of shells. I touched on the differences between simple shell interaction and a full-featured terminal, and then launched into a discussion focusing on web shells. Following the theory conversation, I demonstrated how control over a server could be established by exploiting a file inclusion vulnerability and default credentials to deploy two different web shells, each adapted for the particular platform.