htshells Frequently Asked Questions (FAQ)
Here are some frequently asked questions regarding the htshells project:
Q: Why not just make apache treat .jpg files as php and upload your shell as a .jpg file?
A: Although it will result in a cleaner looking shell it requires two files to be uploaded to the same directory. This is a one file attack. Use what you are comfortable with.
Q: Is it stealth?
A: No. Stealth shells requires a very different approach.
Q: How do I stop this attack?
A: Restrict what settings can be changed in a .htaccess file by setting appropriate AllowOverride controls for your uploads directory.
Q: Your shell produces alot of garbage, can that be avoided?
A: There are a number of ways to do it. I'm lazy and usually just do 'GET http://localhost/htshells/.htaccess?c=id | grep -A 2000 SHELL'
More to come...
Q: Why not just make apache treat .jpg files as php and upload your shell as a .jpg file?
A: Although it will result in a cleaner looking shell it requires two files to be uploaded to the same directory. This is a one file attack. Use what you are comfortable with.
Q: Is it stealth?
A: No. Stealth shells requires a very different approach.
Q: How do I stop this attack?
A: Restrict what settings can be changed in a .htaccess file by setting appropriate AllowOverride controls for your uploads directory.
Q: Your shell produces alot of garbage, can that be avoided?
A: There are a number of ways to do it. I'm lazy and usually just do 'GET http://localhost/htshells/.htaccess?c=id | grep -A 2000 SHELL'
More to come...
