A web shell is a script that is often uploaded to a server with the aim of giving a hacker the remote control of a machine. Web servers that become infected can either be internal to the network or internet-facing, where the shell is utilized to pivot further to the server’s internal hosts.

The c99 shell is a somewhat notorious piece of PHP malware. C99 shell is often uploaded to a compromised web application to provide an interface to an attacker. The c99 shell allows an attacker to hijack the web server process, allowing the attacker to issue commands on the server as the account under which PHP is running. The c99 shell allows an attacker to browse the filesystem, upload, view, and edit files as well as move files, delete files, and even change permissions, all as the web server. Finding the c99 shell on your system is pretty solid evidence of a compromise.

Download: [[https://github.com/tennc/webshell/tree/master/php/PHPshell/c99]]