A penetration tester has successfully exploited a file upload vulnerability on a public-facing web server. To maintain persistent access and execute system commands remotely through HTTP/S requests, the tester uploads a malicious PHP script into the web directory. Which of the following persistence techniques is being deployed?
The correct answer is Web shell. A web shell is a malicious script (e.g., in PHP, ASP, or JSP) uploaded to a server to enable remote administration and command execution. It operates over standard web protocols like HTTP or HTTPS, which is consistent with the scenario. A bind shell opens a new listener port on the target machine for a direct connection, which is not what is described. A rootkit is malware designed to hide its presence and gain privileged access, typically at the operating system or kernel level, which is more advanced than a simple script. A trojan is a broad term for malware that masquerades as legitimate software; while a web shell can be considered a type of trojan, 'Web shell' is the more specific and accurate term for this scenario.