htshells
htshells provides self-contained .htaccess-based web shells and attacks for remote code execution and information disclosure. It is designed for penetration tests against content management systems that restrict uploads by extension.
Description
htshells is a collection of web-based attacks leveraging .htaccess files to bypass upload restrictions in content management systems (CMS). It targets scenarios where files are isolated in individual directories and extensions are filtered, enabling attackers to gain shell access during security assessments.
The tool focuses on two primary attack categories: remote code/command execution (RCE) and information disclosure. These attacks are intended exclusively for authorized penetration testing or security assessments, providing a means to obtain interactive shells in restricted environments.
Key components include directories for denial-of-service (dos), information gathering (info), shells, and path traversal, along with specific .htaccess files for authentication bypass, phishing, and mail sending exploits.
How It Works
htshells utilizes Apache's .htaccess configuration files to execute PHP code or commands via mod_rewrite, mod_auth, or other modules, bypassing extension-based upload filters. Files like mod_sendmail.rce.htaccess enable remote code execution through server-side mail functions, while others facilitate traversal, DoS, or info leaks by manipulating HTTP requests and server directives in isolated upload directories.
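A defensive check for the behaviour described above, added here as an example (it is not part of htshells or of the original page): it reports every .htaccess found under an upload directory and flags override directives and script tags inside it. The directive list, the function names and the sample files are assumptions constructed for illustration, and the default AccessFileName is assumed.

```python
import os
import re
import tempfile

# Directives that change handlers, execution, rewriting or auth per directory.
# The list is an assumption made for this example and is not exhaustive.
RISKY = re.compile(
    r"^\s*(AddHandler|AddType|SetHandler|ForceType|Action|Options|php_value|"
    r"php_flag|RewriteRule|AuthUserFile|ErrorDocument)\b", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<\?(php|=)?", re.IGNORECASE)

def scan_upload_tree(root):
    """Map each .htaccess under root to a list of (lineno, reason, text)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:  # default AccessFileName assumed
            continue
        path = os.path.join(dirpath, ".htaccess")
        hits = []
        with open(path, "r", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                text = line.strip()
                if SCRIPT_TAG.search(text):  # checked inside comments too
                    hits.append((lineno, "script-tag", text))
                elif not text.startswith("#") and RISKY.match(text):
                    hits.append((lineno, "directive", text))
        # A file with no hits is still reported: a user-writable upload
        # directory should not contain an .htaccess at all.
        findings[path] = hits
    return findings

def demo():
    """Build a constructed upload tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample content, not taken from htshells
            "avatars": "Options +Indexes\n# AddType text/plain .log\n"
                       "AddType text/plain .log\n",
            "docs": "# <?php /* constructed marker */ ?>\n",
            "tmp": "# empty override file\n",
        }
        for sub, body in samples.items():
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, ".htaccess"), "w") as fh:
                fh.write(body)
        found = scan_upload_tree(root)
        return {os.path.basename(os.path.dirname(p)): h for p, h in found.items()}

if __name__ == "__main__":
    for directory, hits in sorted(demo().items()):
        print(directory, hits)
```

Setting AllowOverride None for upload directories makes Apache ignore such files altogether, so the scan is a detection aid and not the fix.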
Installation
sudo apt install htshells
Flags
Examples
htshells -h
ls /usr/share/htshells
ls /usr/share/htshells/shell
cat /usr/share/htshells/mod_sendmail.rce.htaccess
cat /usr/share/htshells/mod_auth_remote.phish.htaccess
cat /usr/share/htshells/mod_badge.admin.htaccess
ls /usr/share/htshells/dos
ls /usr/share/htshells/info