PHP Shell Scripts

PHP Shells, Exploit Shells

When an attacker finds an exploit in WordPress, one of their first goals is to escalate their access.

An attacker could upload a PHP Shell Script. Functionally, these PHP shells are nearly the same as an SSH shell. You can change permissions, read files, upload files and more. The tools are very robust.

C99Shell is a popular PHP tool designed to escalate access on your server. This is basically a full shell account in PHP.

Important: Local exploits become remote exploits when your WordPress site is insecure.

You can download these shells on multiple sites: c99 shell - r57 shell - c99.txt - r57.txt - r57shell - c99shell - r57 - c99 R57 Shell | C99 Shell | Shell | TXT Shell | R57.php | c99.php | r57shell.net r57.txt - c99.txt - r57 shell - c99 shell - r57shell - c99shell - r57 - c99 - shell archive - php shells - php exploits - bypass shell - safe mode bypass - sosyete safe mode bypass shell - Evil Shells - exploit - root - localshell.net

HACKED!

How to manually cleanup malware from WordPress Site

Detection of Malware: VirusTotal

Interesting for detecting exploits: Web Shell Detector A collection of PHP backdoors: bartblaze/PHP-backdoors

Hacked:

How to Find a Backdoor in a Hacked WordPress Site and Fix It Oh Sh*#! What to Do When Your WordPress Website Has Been Hacked | Elegant Themes Blog

Getting Hacked Constantly? Stopping Backdoor Exploits for Good

Great explanation: Principles of Secure WordPress Code