after getting the knowledge about a php-reverse-shell on WordPress, I tried it out in a real scenario, namely on my own website. I put the php-reverse-shell in the 404.php file of an activated theme, but unfortunately I didn’t get a reverse shell. It works in the labs, why didn’t it work in the real scenario?
Is it because my website is hosted by a provider and their firewall recognizes the reverse shell or does not allow it to connect to my open netcat port? By the way: Did I maybe do something illegal? I wasn’t aware of it beforehand as I thought this was my website. Afterwards I realized that I am not the owner of the server of the website provider.
Many Thanks.
PS: All necessary parameters have been checked several times, all values are correct. I use a VPN
There are many reasons for this, it is just a mere guess for us what the actual reason is.
If you want to test these things it is best to setup a VM instead of using your hosting providers hardware.
As you stated yourself it is most likely not allowed for you to take these actions as you a renting the hardware from your hosting provider.
If you start a VM on your local machine then you can do what ever u want with it.
It’s interesting that you tried out a reverse shell on your website, but it’s crucial to be cautious with such experiments, especially on a live site. Your hosting provider’s security measures could indeed prevent the connection. It’s essential to respect their terms of service and not engage in any potentially harmful activities.Regarding your question about what type of websites there are, there’s a wide variety, from personal blogs to e-commerce sites, portfolios, forums, and more. Exploring what type of websites are there can give you insights into the many possibilities for web development.Always remember to prioritize security and legality in your online endeavors.