Shells are a form of code modules written to gain authorities on websites without their knowledge, a form of more simplistic pentesting so to say. Shell is a code string that ensures us rights to internet sites; so why doesn’t it ensure us full rights some ask. To achieve complete authority of this sort we will have to be rooted with the hosting service that the target page makes use of. So what does becoming “rooted” mean? Becoming rooted is when we access the hosting site that the target page is using with its username and password and later on change these data to have complete control of it. Achieving this means having root access. The authorities that we will come to possess without root access will only remain at reading, writing and deleting.
What’s the use of Shell?
As mentioned in the paragraph above; when we cast a simple Shell we become able to work with writing, reading and deleting rights. And these rights further enables us to access codes working in the background, view the message traffick inside and so on. If the shell is cast by someone who has no idea of how it’s properly done or is done with ill intentions in mind, serious damages can be made. That is why it is only advised to use it security purposes.
What is Shell? How is it Cast? How does it Work?
1) What is Shell?
2) How is Shell Cast?
3) How many Kinds of Shell is There?
Shell is a component that grants you permissions on the site that it is uploaded on. These permissions are constituted of; Reading, Writing and Deleting. On a site that you’ve cast a shell on you can come to use the permissions of the owner (admin) or at other times the rights of the owner of the server (host). We call this Permission Right.
On a server where the permissions are activated you can read, delete and upload any file or folder. On servers where these permissions are locked the access to these functions will be restricted. You will have to gain root access to benefit from full authority.
To use a shell to its full potential, it is important to know some of its commands. This is also to find a way of achieving full access on a host when starting out with limited access.
On most hosts manual transitions are allowed. With the Spoll/Mail section it is possible to figure out usernames of other sites on the same server for then to perform a manual transition from the address bar.
At some instances the shell that we have uploaded to the site only have restricted permissions and other times this is the case because of the site it has been uploaded to.
Buton the other hand if we happen to have unlimited access, but we still only wish to plant our own index, then we upload our Index.html folder and exit without further action.
But if our access is limited we will have to gain access to the site’s Config files, read these and attempt to connect through SQL.
I have now explained the purpose of and the instances of where a shell is used, as a hacker would have done it. Let’s move on to the next step.
If there are any section that is hard to understand and you’d like for it to be explained, then kindly leave a comment below.