In this post we are going to search with Google, servers that have been compromised and they are hosting a webshell.

The most common method to upload a webshell to a server is RFI (Remote File Inclusion). RFI is a vulnerability that allows an attacker to upload a remote file like a script or webshell.

With a webshell, you can manage the server, read/create/remove files/upload files, execute commands on the remote server...

The common webshells are c99.php, c100.php, r57.php...

You can find servers hosting this webshells with the next google dorks

 * Note that some links don't contain webshells because administrators have removed the shell from their servers or the webmaster are using black SEO.

inurl:"c99.php/" "uname -a"



inurl:"b374k.php/" 



inurl:"c100.php" "uname -a"



inurl:r57.php