PHP Shell is a shell wrapped in a PHP script. It’s a tool you can use to execute arbitrary shell-commands or browse the filesystem on your remote webserver. This replaces, to a degree, a normal telnet connection, and to a lesser degree a SSH connection.

You use it for administration and maintenance of your website, which is often much easier to do if you can work directly on the server. For example, you could use PHP Shell to unpack and move big files around. All the normal command line programs like ps, free, du, df, etc… can be used.

A backdoor shell is a malicious piece of code (e.g. PHP, Python, Ruby) that can be uploaded to a site to gain access to files stored on that site. Once it is uploaded, the hacker can use it to edit, delete, or download any files on the site, or upload their own.

How to upload

• Hackers usually take advantage of an upload panel designed for uploading images onto sites. This is usually found once the hacker has logged in as the admin of the site. Shells can also be uploaded via exploits or remote file inclusion.

Uses

• Shells have many uses. They can be used to edit the webserver directory index page of site, and then hackers can leave their mark or “deface” for visitors to the site to see when they go to the homepage. Hackers may also use it to bruteforce FTP or cPanel, allowing them more access to the website. Shells can also be used to gain root access to the site. Some hackers may choose to host malware or spyware on the sites they have uploaded their shell to using various exploits.

• Please be noted that much of shell contains malwares and ‘Mark / deface page’ might contain malwares to obtain visitor`s password as well .

Prevention

• To prevent a site from having a shell uploaded onto it, a webmaster must always keep up with the latest security updates and make sure to have a secure admin panel. They must also make sure that if they do have an admin panel they make sure it only permits the user to upload .jpeg, .png, and other image file types only.
• Also administrator need to make sure that there wont be any errors on your PHP code / dummy files are successfully removed from the cpanel . Also please be informed that some of them use other methods such as Keyloggers, or other things rather than doing backdoor shell .

Do not host the file(s) on your server!

• 529.php
• AK-74 Security Team Web Shell Beta Version.php
• Ajax_PHP Command Shell.php
• Ajax_PHP_Command_Shell.php
• Antichat Shell v1.3.php
• Antichat Shell. Modified by Go0o$E.php
• Antichat Shell.php
• Antichat_Shell_v1.3.php
• Ayyildiz Tim -AYT- Shell v 2.1 Biz.php
• C99madShell v. 2.0 madnet edition.php
• CasuS 1.5.php
• CmdAsp.asp.php.txt
• CrystalShell v.1.php
• Cyber Shell (v 1.0).php
• Cyber Shell.php
• DTool Pro.php
• Dive Shell 1.0 – Emperor Hacking Team.php
• Dive_Shell_1.0_Emperor_Hacking_Team.php
• GFS web-shell ver 3.1.7 – PRiV8.php
• GFS_web-shell_ver_3.1.7_-_PRiV8.php
• GRP WebShell 2.0 release build 2018 (C)2006,Great.php
• Gamma Web Shell.php
• JspWebshell 1.2.php
• JspWebshell_1.2.php
• KA_uShell 0.1.6.php
• KAdot Universal Shell v0.1.6.php
• KAdot_Universal_Shell_v0.1.6.php
• Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php
• Loaderz WEB Shell.php
• Macker’s Private PHPShell.php
• Moroccan Spamers Ma-EditioN By GhOsT.php
• Moroccan_Spamers_Ma-EditioN_By_GhOsT.php
• MySQL Web Interface Version 0.8.php
• MySQL_Web_Interface_Version_0.8.php
• MyShell.php
• Mysql interface v1.0.php
• Mysql_interface_v1.0.php
• NCC-Shell.php
• NGH.php
• NTDaddy v1.9.php
• PH Vayv.php
• PHANTASMA.php
• PHP Shell.php
• PHPRemoteView.php
• PHVayv.php
• PH_Vayv.php
• PhpSpy Ver 2006.php
• Predator.php
• RemExp.asp.php.txt
• Rootshell.v.1.0.php
• STNC WebShell v0.8.php
• Safe0ver Shell -Safe Mod Bypass By Evilc0der.php
• Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php
• Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php
• SimAttacker – Vrsion 1.0.0 – priv8 4 My friend.php
• SimShell 1.0 – Simorgh Security MGZ.php
• SimShell_1.0_-_Simorgh_Security_MGZ.php
• Simple_PHP_backdoor_by_DK.php
• Sincap 1.0.php
• Small Web Shell by ZaCo.php
• Uploader.php
• Web-shell (c)ShAnKaR.php
• WinX Shell.php
• Worse Linux Shell.php
• ZyklonShell.php
• aZRaiLPhp v1.0.php
• aZRaiLPhp_v1.0.php
• accept_language.php
• aspydrv.php
• b374k-mini-shell-php.php.php
• b374k.php.php
• backupsql.php
• c0derz shell [csh] v. 0.1.1 release.php
• c99_locus7s.php
• c99_madnet.php
• cgitelnet.php
• cpanel.php
• cw.php
• cybershell.php
• dC3 Security Crew Shell PRiV.php
• dC3_Security_Crew_Shell_PRiV.php
• erne.php
• ex0shell.php
• fatal.php
• findsock.c
• ftpsearch.php
• g00nshell-v1.3.php
• go-shell.php
• h4ntu shell [powered by tsoi].php
• h4ntu_shell_[powered_by_tsoi].php
• hiddens shell v1.php
• indexer.asp.php.txt
• ironshell.php
• klasvayv.asp.php.txt
• kral.php
• lamashell.php
• load_shell.php
• lolipop.php
• lostDC.php
• matamu.php
• megabor.php
• myshell.php
• mysql_tool.php
• nshell.php
• pHpINJ.php
• php-backdoor.php
• php-findsock-shell.php
• php-include-w-shell.php
• php-reverse-shell.php
• pws.php
• qsd-php-backdoor.php
• reader.asp.php.txt
• robots.php
• rootshell.php
• ru24_post_sh.php
• s72 Shell v1.1 Coding.php
• s72_Shell_v1.1_Coding.php
• safe0ver.php
• simattacker.php
• simple-backdoor.php
• simple_cmd.php
• small.php
• soldierofallah.php
• sosyete.php
• spygrup.php
• stres.php
• toolaspshell.php
• tryag.php
• zaco.php
• zacosmall.php
• zehir4.asp.php.txt
• zehir4.php