htshells is a series of web based attacks based around the .htaccess files. Most of the attacks are centered around two attack categories. Remote code/command execution and information disclosure. These attacks are intended for use during penetration tests or security assessments. It was created to get shell in a CMS that restricted uploads based on extension and placed each uploaded file in it's own directory.

Pick the attack you wish to perform, copy the file to a new file named .htaccess and upload the file to the web server. Now browse to the uploaded location to execute your attack. For a more indepth example, see the tutorial.

See the project README file and the frequently asked questions.

You can download the files from the github project page.

No Clean Feed - Stop Internet Censorship in Australia
Creative Commons License
This weblog is licensed under a Creative Commons License.