htshells Frequently Asked Questions (FAQ)

Here are some frequently asked questions regarding the htshells project:

Q: Why not just make apache treat .jpg files as php and upload your shell as a .jpg file?
A: Although it will result in a cleaner looking shell it requires two files to be uploaded to the same directory. This is a one file attack. Use what you are comfortable with.

Q: Is it stealth?
A: No. Stealth shells requires a very different approach.

Q: How do I stop this attack?
A: Restrict what settings can be changed in a .htaccess file by setting appropriate AllowOverride controls for your uploads directory.

Q: Your shell produces alot of garbage, can that be avoided?
A: There are a number of ways to do it. I'm lazy and usually just do 'GET http://localhost/htshells/.htaccess?c=id | grep -A 2000 SHELL'

More to come...
No Clean Feed - Stop Internet Censorship in Australia
Creative Commons License
This weblog is licensed under a Creative Commons License.