A backdoor shell can be in the form of PHP, ASP, JSP, etc. It’s a piece of code that can be uploaded to any site vulnerable to an exploit or compromised via stolen credentials. A backdoor shell is utilized to retain access and some privileges on a server or website.
Once uploaded, it allows the attacker to execute commands through a shell_exec() function which allows the attacker to upload, delete, modify, or download files from the webserver. For individuals defacing the site, it allows them to navigate easily to the directory of the public_html or /var/www and modify the index of the page.
In the write-up below, they will be going over PHP backdoor shells including how they work, and how to detect them and remove them. Below is a simple PHP code that is very popular and is scattered all over the web (http://stackoverflow.com/questions/3115559/exploitable-php-functions; http://shipcodex.blogspot.com/2012/01/simple-php-backdoor-shell.html). This code allows an attacker to execute commands via a PHP script.
