I am pursuing - “Threat Hunting: Hunting the Network & Network Analysis” training and want to know How to ingest or implant web shells ?
I want to do this in the lab. I have read enough theory about web shells and how web server / web application can be exploited to upload web shells but I want to do the hands on. I want to see how I can exploit a vulnerability and upload (and execute) a web shell.
There are multiple vulnerable VMs available on the internet and the best place to find one is from VulnHub.
But IMO, the easiest option is to set up the Damn Vulnerable Web Application (DVWA): 1.0.7 ~ VulnHub VM and then practice it. In case need a walk-through, follow this writeup