Reverse shell on my website

Luffy_haki · January 10, 2023, 7:45pm

Hello friends,

after getting the knowledge about a php-reverse-shell on WordPress, I tried it out in a real scenario, namely on my own website. I put the php-reverse-shell in the 404.php file of an activated theme, but unfortunately I didn’t get a reverse shell. It works in the labs, why didn’t it work in the real scenario?

Is it because my website is hosted by a provider and their firewall recognizes the reverse shell or does not allow it to connect to my open netcat port? By the way: Did I maybe do something illegal? I wasn’t aware of it beforehand as I thought this was my website. Afterwards I realized that I am not the owner of the server of the website provider.

Many Thanks.

PS: All necessary parameters have been checked several times, all values are correct. I use a VPN

weller · January 10, 2023, 9:21pm

Hi,

There are many reasons for this, it is just a mere guess for us what the actual reason is.
If you want to test these things it is best to setup a VM instead of using your hosting providers hardware.
As you stated yourself it is most likely not allowed for you to take these actions as you a renting the hardware from your hosting provider.

If you start a VM on your local machine then you can do what ever u want with it.

Hope this answers your question a little bit