# WebShell

Adversaries may backdoor web servers with web shells to establish persistent access to systems. A Web shell is a Web script that is placed on an openly Web server to allow an adversary to access the Web server as a gateway into a network. A Web shell may provide a set of functions to execute or a command-line interface on the system that hosts the Web server.

Simply pacing a PHP shell onto the webserver of a Linux machine allows me command execution via the Web Browser

<figure><img src="https://315180959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MRh03Vwd4nuiUi3Oje7%2Fuploads%2F6TcUUYU9NoqoTOAUN9ql%2Fimage.png?alt=media&#x26;token=ea98a53f-86b3-4a6c-aef9-41063b2f1c89" alt=""><figcaption></figcaption></figure>