PHP Shell Scripts
PHP Shells, Exploit Shells
When an attacker finds an exploit in WordPress, one of their first goals is to escalate their access.
An attacker could upload a PHP Shell Script. Functionally, these PHP shells are nearly the same as an SSH shell. You can change permissions, read files, upload files and more. The tools are very robust.
C99Shell is a popular PHP tool designed to escalate access on your server. This is basically a full shell account in PHP.
Important: Local exploits become remote exploits when your WordPress site is insecure.
You can download these shells on multiple sites: c99 shell - r57 shell - c99.txt - r57.txt - r57shell - c99shell - r57 - c99 R57 Shell | C99 Shell | Shell | TXT Shell | R57.php | c99.php | r57shell.net r57.txt - c99.txt - r57 shell - c99 shell - r57shell - c99shell - r57 - c99 - shell archive - php shells - php exploits - bypass shell - safe mode bypass - sosyete safe mode bypass shell - Evil Shells - exploit - root - localshell.net
HACKED!
How to manually cleanup malware from WordPress Site
Detection of Malware: VirusTotal
Interesting for detecting exploits: Web Shell Detector A collection of PHP backdoors: bartblaze/PHP-backdoors
Hacked:
How to Find a Backdoor in a Hacked WordPress Site and Fix It Oh Sh*#! What to Do When Your WordPress Website Has Been Hacked | Elegant Themes Blog
Getting Hacked Constantly? Stopping Backdoor Exploits for Good
Great explanation: Principles of Secure WordPress Code