A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server. In addition to a server-side script, a Web shell may have a client interface program that is used to talk to the Web server (see, for example, China Chopper Web shell client). (Citation: Lee 2013)Web shells may serve as Redundant Access or as a persistence mechanism in case an adversary's primary access methods are detected and removed.
This test simulates an adversary leveraging Web Shells by simulating the file modification to disk. Idea from APTSimulator. cmd.aspx source - https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx
Supported Platforms: Windows
| Name | Description | Type | Default Value |
|---|---|---|---|
| web_shell_path | The path to drop the web shell | string | C:\inetpub\wwwroot |
| web_shells | Path of Web Shell | path | PathToAtomicsFolder\T1100\src| |
xcopy #{web_shells} #{web_shell_path}
del #{web_shell_path}