Web shell
Definition
A script (typically PHP, ASP, or JSP) placed on a web server by an attacker to provide remote command execution via HTTP requests. Web shells are a common persistence mechanism on internet-facing servers and can survive a service restart if they are not explicitly located and removed.
Related terms
- Configuration drift: Deviation from an approved baseline configuration, whether caused by legitimate administrative action or by an attacker modifying settings to weaken defences or...
- Indicator of Compromise (IoC): An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- Persistence mechanism: The technique malware uses to survive a reboot or user logout. Common methods include registry run keys, scheduled tasks, Windows services, cron...
- Reimaging: Wiping a compromised system and restoring it from a known-good operating system image. Reimaging is the most reliable eradication method for host-level...
- Rogue account: A user or service account created by the attacker during the intrusion to maintain access independent of any compromised legitimate account. Rogue...
Explained in
- Threat Eradication Methods