How to ingest or implant web shells?


I am pursuing the “Threat Hunting: Hunting the Network & Network Analysis” training and want to know how to ingest or implant web shells.
I want to do this in the lab. I have read enough theory about web shells and how a web server / web application can be exploited to upload web shells, but I want to do the hands-on. I want to see how I can exploit a vulnerability and upload (and execute) a web shell.

Can someone please guide me?


There are multiple vulnerable VMs available on the internet and the best place to find one is from VulnHub.
But IMO, the easiest option is to set up the Damn Vulnerable Web Application (DVWA): 1.0.7 ~ VulnHub VM and then practice on it. In case you need a walk-through, follow this writeup.

To further add to @jaa, you can also use eLearnSecurity’s “”; they had built it for testing. Other than that, one more popular choice for web applications is OWASP Juice Shop (Juice Shop - Insecure Web Application for Training | OWASP).
Also, you can try "Buggy Web Application (BWAPP)".

Hope it helps :)