The Agent Skills Directory

[COMMAND_EXECUTION]: Numerous files within the skill provide interfaces for executing arbitrary system commands on a target web server. Antivirus scanners have confirmed several of these files as malicious backdoors (e.g., PHP:BackDoor-Y, ASP:BackDoor-U). A Windows executable (nc.exe) is also embedded in the collection.
Evidence in references/Web-Shells/PHP/Dysco.php, references/Web-Shells/Vtiger/modules/VtigerVulnPlugin/actions/Gateway.php, and references/Web-Shells/FuzzDB/cmd.php using functions like system(), exec(), and passthru().
[REMOTE_CODE_EXECUTION]: The skill includes functional reverse shell implementations designed to establish outbound connections to a specified IP and port, granting full remote shell access.
Evidence in references/Web-Shells/laudanum-1.0/php/php-reverse-shell.php and references/Web-Shells/FuzzDB/reverse.jsp.
[DATA_EXFILTRATION]: Contains tools specifically designed to browse, read, and download sensitive files from the server's filesystem. One module is capable of extracting and decrypting database credentials.
Evidence in references/Web-Shells/laudanum-1.0/php/file.php and references/Web-Shells/laudanum-1.0/asp/file.asp for file harvesting.
Evidence in references/Web-Shells/CFM/shell.cfm.html for database credential theft.
[CREDENTIALS_UNSAFE]: Includes scripts that create unauthorized administrative accounts on popular CMS platforms or bypass existing login protections using hardcoded secrets.
Evidence in references/Web-Shells/Magento/newadmin-KINKCreative.php (hardcoded password) and references/Web-Shells/WordPress/bypass-login.php (authentication bypass).
[EXTERNAL_DOWNLOADS]: Automated scanners detected a malicious URL (r57.biz) associated with web shell distribution referenced within the skill's data files.

security-webshells