They are code modules that can be described as a kind of penetration test that is written to gain certain powers in case unaware of Shell websites..
Shell is a code directory that allows us to obtain certain powers on Internet sites. Why are we unable to get full authority? In order to get full authorization, we have to be rooted in the hosting service used by the site. Well, if you ask “what is being root?”, Root is to enter the hosting company that the site has with the username and password of the site and then change the information and take it upon us. If we do this situation, we have full authority. Some of the privileges we can get without root are as read, write and delete.
What does Shell do?
As we mentioned in the upper paragraph, when we throw an ordinary Shell, we can get the powers such as reading, writing and deleting. These powers, on the other hand, provide us with access to codes running in the background, and the ability to view message traffic inside. Serious damage can occur if the shell is thrown by someone who does not know or if it will be used for malicious work. Therefore, it should only be used for security purposes.
How to Discard Shell?
In order to know how Shell is thrown, we need to take advantage of major site vulnerabilities. I will not explain these site deficits for a long time, but I plan to open and write another topic later.
1-Remote File Inclusion
Remote means remote, file inclusion means adding files, so adding files remotely. With remote access, you can get the right to add files and access databases under the directory.
In web applications, user data is generally kept as dynamic SQL data. It helps us learn the username and password by making short queries. The most famous example is to get the information by typing “or 1 = 1” in the answers of the username and password comparison queries. The purpose of the query made here is:
We ask the computer whether the username equals 1 or 1. The same goes for the password. Since the computer returns both values, we are logged in to the user’s account at the id we specified.
Exploit are pieces of code used to report the deficit in the system to the owner. It is not easy to write. Requires advanced coding knowledge. Returns a definitive result.
Social engineering is a kind of art that affects the other person. It is often difficult to do. In order to be able to do it, your persuasion and manipulation skills must be high level.
5- Upload Vulnerabilities, Logger and Spy Software