webshell | Webshell backdoor found during intrusion analysis | Hacking library

i am making a fun little php webshell since i am pentesting for my exams and i have been stuck on a feature i want to add so it lets me see all of the files in the current directory. i have been stuck for quite a while here is the current code. EDIT:i want it to show all files in the webserver

We have a server deployed on amazon aws, the problem we are facing is that when ever there's a special character in the URL, it redirects to a 403 Forbidden error. It works fine on my local environment but not on live. See below

Does not work:

/checkout/cart/delete/id/243687/form_key/8182e1mPZIipGrXO/uenc/aHR0cHM6Ly93d3cuaG9iby5jb20ucGsvY2hlY2tvdXQvY2FydC8,

Works:

/checkout/cart/delete/id/243687/form_key/8182e1mPZIipGrXO/uenc/aHR0cHM6Ly93d3cuaG9iby5jb20ucGsvY2hlY2tvdXQvY2FydC8

Does not work:

/index.php/admin/catalog_product/new/attributes/OTI%253D/set/4/type/configurable/key/9f01c4b1a3f8c70002f3465b5899a54d

Works:

/index.php/admin/catalog_product/new/attributes/OTI253D/set/4/type/configurable/key/9f01c4b1a3f8c70002f3465b5899a54d

.htaccess for debugging

Given below is the htaccess code, but the thing is that this code works on my local.

I'm trying to use the JsonTypeAdapter in a modem to transmit some data from a remote source. The adapter is enabled through the modems startup script (JsonAdapter.enable()), and a TCP connection is established to the modem at port 1100. I follow the "Hello world" example in the Fjåge documentation and send the following JSON to the modem:

{"action":"send","message":{"clazz":"org.arl.unet.DatagramReq","data":{"data":{"clazz":"[B","data":"aGVsbG8gd29ybGQh"},"msgID":"8152310b-155d-4303-9621-c610e036b373","perf":"REQUEST","recipient":"phy","sender":"MyCustomInterface"}}}

I've set the logLevel to 'ALL' and can see that I get an incoming TCP connection in the log, but no data is being transmitted by the modem. I'm subscribing to the physical agent but am not getting any notifications in the WebShell (using UnetSocket works fine though).

I'm guessing that either the JsonAdapter isn't active on this TCP connection, the JSON string is faulty or not being sent properly by my application, or something else that I've missed.

I made a post function from c# to send a file to the webserver (php), every file that was uploaded was not filtered by the extension, I was afraid that if there were bad people uploading malicious files such as webshells or other malware into my web server. I only want one extension (.lic) that can be uploaded via the "post" function

When I open MS Teams in a Firefox Container tab, I get redirected a number of times and then I get

D'oh! To open the web app, you need to change your browser settings to allow third-party cookies.

I've opened Teams in a new FF profile and I can see it added cookies to the following domains:

• ams.skype.com
• img.teams.skype.com
• login.microsoftonline.com
• microsoft.com
• microsoftonline.com
• office.com
• office365.com
• outlook.office365.com
• portal.office.com
• sharepoint.com
• skype.com
• suite.office.com
• sway.office.com
• teams.microsoft.com
• teams.skype.com
• webshell.suite.office.com
• www.office.com

(which seem to belong to the O365 suite)

and also

• auth.han.nl
• han.nl
• hannl.sharepoint.com

which are specific to my organisation

I've tried adding all these to the container by adding them to "Always open with (Container)", but I keep getting the redirection. What else should I do to keep Teams in a container? I do not want to disable container tabs.

I'm not sure if this is more a PHP question then a Linux question but here goes.

I am practicing with web shells, and have a very simple one that looks like this;

A non-commercial website of mine, danijelaenjoriskoken.nl, has a strange problem.

On many systems it shows perfectly all images.

But, several systems (about 25% of known systems) don't show the images, only a blank rectangle with a small image icon in the center. However, if you right click this rectangle and choose 'View image', the correct image is shown. Returning back to the original page, the image suddenly shows up. Until you refresh the page... this causes the disappearance of the image again.

I can't figure out differences between browser showing and not showing the images:

1. I can see the images on my Android phone, on my mac book, on my Windows laptop and Desktop (IE, Edge, Safari and Chrome)
2. I can't see the images myself on my Android tablet. Friends not seeing the images are having iPhone 5 and 6, mac book, Windows Desktop.

It can't be a simple rights issue, as it is possible on every system to view the image, though you have to view the image directly first.

After having viewed, it can be shown in the page... until you reload, like it is due to some caching it is shown in the page. But this means that WordPress always knows about the correct location of the image.

I have googled and searched on this site, but I only find questions about completely missing images, due to incorrect rights, incorrect encodings, incorrect media libraries, etc.

Update 1 The problem seems to be caused by having www in the url (see the comments).

I do have WP Security module installed, which has a Copy Protection option, but that isn't checked.

I checked the .htaccess, but I can't figure it out myself. This is the content:

i try to use shell_exec() from my php web application the simple commandes by example "ls" works but with sudo not working:

shell_exec("sudo reboot");

this is the link :

http://192.168.1.8/controle/webshell.php?commande=sudo%20reboot

but the commande cannot be executed.

Any help ?

I have this website which i want to replace because its outdated, we made a new website. But as always before uploading the new website to the live environment i make a backup of the current live website. While i was downloading the Wordpress installation my windows defender popped up with the following message. Malware found:

Backdoor:PHP/webshell

What exactly is this? Is it dangerous for my computer or is it a backdoor for the website. How did this happen. Anything would be really helpful on this matter. Should i run a scan on my whole computer?

Thanks in advance.