Skip to content

Latest commit

 

History

History
35 lines (22 loc) · 1.52 KB

T1100.md

File metadata and controls

35 lines (22 loc) · 1.52 KB

T1100 - Web Shell

A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server. In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (see, for example, China Chopper Web shell client). (Citation: Lee 2013)

Web shells may serve as Redundant Access or as a persistence mechanism in case an adversary's primary access methods are detected and removed.

Atomic Tests


Atomic Test #1 - Web Shell Written to Disk

This test simulates an adversary leveraging Web Shells by simulating the file modification to disk. Idea from APTSimulator. cmd.aspx source - https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx

Supported Platforms: Windows

Inputs

Name Description Type Default Value
web_shell_path The path to drop the web shell string C:\inetpub\wwwroot
web_shells Path of Web Shell path C:\AtomicRedTeam\atomics\T1100\shells|

Run it with command_prompt!

xcopy #{web_shells} #{web_shell_path}