What Are SHELLS And How Do They Work For Web Hacking

Shells- I'm really sorry for not keeping up with my blog as i have been really busy with work but that still doesn't give me an excuse not to satisfy my loyal readers with more Hacking tutorials. I know many of you must have you have read about my post on How To Hack & Deface Websites with Shells, So I am pretty sure that the first thing that comes to your mind is "What are these shells?" . So this article would give you complete idea about shells and its use.


Difference between Bind Shell and Reverse Shell

Let us outline the basic differences between a Bind shell and a Reverse shell..

What is a Shell ?

A shell is a software that acts as a intermediary between user and the kernel. It provides the user an interface which provides access to the services of kernel.

Eg : Bash shell etc..

+-----------------+               _______________           +----------------+  | Tom             |Behind NAT     /              /           | Jerry        |  | With Private IP | ----> ----> /  Internet    /----> ----> | with Public IP |  +-----------------+            /______________/             +----------------+

OK, So in this scenario.. Tom has a computer connected to the internet with a private IP(no hosting) while Jerry is connected to the internet with a Public IP (Hosted)..It basically means Jerry's system can be accessed by any one connected on the internet but this doesn't apply for Tom as Tom's system being being the NAT cannot be directly connected by other Machines on the internet.

Bind Shell

Lets suppose Jerry encountered some problem with his system and need some help from Tom; He simply binds his shell (cmd.exe or /bin/bash) to a specific port and sends Tom its port number and other details, In this scenario Tom can simply connect to the Jerry's Machine and Get the Shell!!So in this case :-

Tom's End :-Connect to Jerry (Acts as a client)

Jerry's End :-Listen for connections (listen / act as a server and bind his command shell on the network..)

Reverse Shell
Now lets assume after some days Tom screwed up his system and now asks Jerry for his help..But in this case the bind shell cannot be used as Tom doesn't have a Public IP and his system is not available publicly!! Now to conquer this problem, Tom sends his command prompt to Jerry. And, In this case :-

Tom's End :-Would bind his shell and send it to Jerry through the network..(Connect)

Jerry's End :-Listen for connections , Respond to them (listen / act as a server)



Difference between FTP & Shells:

I also noticed that most of you that has been following my post on Hacking websiteshave issues in using the Shell after uploading. while some know how to use it but still get confused. So to start with, Let me give you some information about FTP:

File Transfer Protocol

Whenever you want to open your website, the first thing you will do is to get some web hosting for your self. When you get your hosting, you create a website on your computer first and then upload it to your hosting server so it becomes a World Wide Web. This process of uploading the documents from your computer to your hosting server is done through FTP [File Transfer Protocol]. It basically looks like a program with 2 columns, one column shows your computer files and another shows your servers files. Just like when you copy the stuffs from some USB drive to your computer. So here, I will show you an example on how you would connect if you own go4expert. when you want to connect your self to your web hosting server; The following information is required in order to authenticate yourself:

Server : ftp.go4expert.com
Username: Khalidsblog
password: whatever

So, once you put in this information, server understands that you are Khalidsblog and gives you access to all the files on the server so you can work on it.



Since you understand the FTP now, we know that none of us will get access to Go4expert's server because we don't have the access to admin Login & Password for authentication. But if we somehow get access to G4E's FTP, we can easily remove/edit/replace any file And even destroy the entire website and upload our own stuffs. That is when shells comes into the picture. Shells are malicious PHP files which you will need to upload to any website, and once you execute it you will get access to its server directly WITHOUT authenticating yourself.


Moral of the Story:

I clearly stated the difference between FTP and shells so that you won't have a hard time understanding them, because lots of people tend to get confused between them. So to brief it again;

FTP is a protocol that lets you connect your computer to your hosting server so that you can upload/edit/delete/replace your files. Since we wouldn't have the username & password to connect to any website's ftp, that's why we use the SHELL to get access. SO SHELL IS NOT FTP BUT IT GIVES YOU ACCESS TO THE HOSTING SERVER.


Shell is not a tool that you can just run and complete your work. As I said, its just a normal ".php" file, you have to find a way in any website to upload that shell. The Idea is, you upload the shell to any website so it will be saved on their server and it will give you the access to it easily.

Phase 1 : Uploading a shell:

Suppose you want to hack "website.com". So the first thing that you will do is, open up "website.com", and try to find some place from where you can upload the files on the website. There are many such places for example, "file uploads, avatars, resume upload, cooking recipe uploads, upload your photo". So these are the places which will give you an opportunity to upload your shell. All you have to do is, try to upload the shell ".php" which is located in your computer and click on submit. So suppose you went to the webpage "website.com/submit_resume.php" and you uploaded your resume.

Phase 2 : Executing your uploaded shelll:

Once we have uploaded the shell as shown in "Phase:1", we know that its sitting on the server. The only thing we need to do now is to execute the shell from a browser so we get access to it.

Let's assume i uploaded my shell as an attachment in THIS THREAD. we now know that my attachment is sitting on G4E's server. Now if we want to executive it, we will use following URL:

We would use the DIRECT URL to the attachment which is called EXECUTION. In the same way if you execute your shell, it will take you to a webpage where you will see everything that's on the server. And you will have FULL ACCESS to remove/modify/replace/delete any file.


Phase 3 : Defacing:

Defacing is a word which means "replacing the current index file[Homepage] with our own index file with our signature or name on it". which you can easily do when you have gained access to the server.

Different types of shells:

There are many shells available, most of them are public and some of them are private. Most of them do the same function to give you the access of the server. "c99, r57, j32" are some very common and easily available shells.


Where do I get them from?:

I'd have uploaded them here, but Google marked G4E as Harmful. So the best way is Google search with "inurl:c99.txt". You can replace c99 with r57, j32 or anything else.

Important Piece of advice:

I would highly suggest you download WAMP SERVER, which lets you make your own server on your computer. And then try to use the shells on it. Which helps you avoid hacking in live environment. Because, if web developer is smart then, he can simply check the logs for that shell fine and track down your IP which executed the shell. Then you might be in some problem.


Now that we understand what shells are, we shouldn't have a hard time executing it and using on any website we manage to get hold of. Do take a minute of your time to share to friends and do come back for more hacking tutorials. I remain Ethical Hacker[Sup3rson1x]