Name: Anonymous 2018-09-05 19:54
If you find a site with a file inclusion or upload vulnerability that lets you upload a web shell, and then you have a web shell on it and there are some files or directories where you have rwx permissions, could you somehow turn that web server into a bot for a botnet? I have heard of IRC bots like EggDrop or Tsunami (old, I know), but I wonder if there is something web or PHP-based that could do something similar. After all, if you have a web shell on a site, that means it's running PHP.
Just curious for research purposes, not anything malicious. The only way to learn how to secure stuff is to learn how it gets pwned.
Just curious for research purposes, not anything malicious. The only way to learn how to secure stuff is to learn how it gets pwned.