Shells, a great weapon for cyber criminals.

Shell is basically a code with which the hacker gets control over a server. Comes into play in the maintenance and expansion of control phase.

The hacker first seeks administrative panel of a page. Then seek ways to overcome access administrative control panel.
In most content managers he will find an option that is used to upload a photos. Instead of loading a picture he uploads this code, language depends on the language used by the server.

In PHP there are two classic examples: c99.php and r57.php although there are many more, each with its peculiarities.

Then he has to know where to call to Shell on his browser. If the code was loaded as an image it is very likely to find the shell in the image file. In this case he would put this in his browser.

http://www.ejemplo.com/imagenes/c99.php

From there you will get a page like the one shown in our picture. From here the hacker has complete control over the entire server, not just the website, but all the web sites that are stored on that server.

I've seen hackers who have pages with a hosting company like GoDaddy, how loaded a shell and had control over 10,000 websites that were stored on that server.
Hence the great danger of sharing the server with other websites, if you don't know what your neighbor is doing. I recommend that whenever possible you have your own server.

The hacker still has full control over the server as long as you have the shell on the server. Regardless of if you change your password, upgrade the version of your software or impose any other security measure.
That's why I said before that is used in the control maintenance phase, because it maintains control regardless of any change in the page.

The only way to free yourself is erasing the Shell. That is why hackers often make multiple copies. In case you deleted one, still have the other.

Fortunately Shells are pretty easy to find if you know what you're looking for and where to look. If you suspect that your site may be affected by this problem I recommend you contact certified ethical hacker as soon as possible.


Contact us