Description

The Shell Access or Remote Shell feature in malware provides attackers with a remote interface to the compromised system, essentially acting as a backdoor that allows them to execute commands as if they were physically present at the machine. This level of access gives attackers a near-omnipotent control over the target, allowing them to perform a wide range of actions from file manipulation to launching additional exploits. One of the most significant capabilities offered by shell access is the potential for privilege escalation. By exploiting vulnerabilities or misconfigurations in the system, an attacker can elevate their access rights, gaining more thorough control and making it easier to carry out further malicious activities. Moreover, a remote shell can be used to pivot to other systems on the network, enabling lateral movement and increasing the scope of the attack.

Categories Lateral Movements, Privilege Escalation, System Management
Dangerousness High

Existing Technique

Name Associated Feature(s) Has Snippet Matching Sample
Execute Programs logoExecute Programs File Manager, Shell Access 0

Associated with Releases

Version Origins Authors Languages Release Date
Lost Door 3.0 Stable logoLost Door 3.0 Stable Tunisia πŸ‡ΉπŸ‡³ OussamiO Visual Basic 6 (VB6) Mar, 2009
Cerberus 1.0 Beta logoCerberus 1.0 Beta United States πŸ‡ΊπŸ‡Έ, United Kingdom πŸ‡¬πŸ‡§ Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
Cerberus 1.01 Beta logoCerberus 1.01 Beta United States πŸ‡ΊπŸ‡Έ, United Kingdom πŸ‡¬πŸ‡§ Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
Cerberus 1.02 Beta logoCerberus 1.02 Beta United States πŸ‡ΊπŸ‡Έ, United Kingdom πŸ‡¬πŸ‡§ Protocol , Steve10120 , 2sly , Sam Delphi Aug, 2009
SynRAT 4.3.1-A-1 logoSynRAT 4.3.1-A-1 France πŸ‡«πŸ‡· DarkCoderSc Assembly, Delphi Aug, 2009
Apocalypse RAT 1.4 logoApocalypse RAT 1.4 Turkey πŸ‡ΉπŸ‡· ap0calypse Delphi Aug, 2009
Cerberus 1.03.4 logoCerberus 1.03.4 United States πŸ‡ΊπŸ‡Έ, United Kingdom πŸ‡¬πŸ‡§ Protocol , Steve10120 , 2sly , Sam Delphi Sep, 2009
Spy-Net 2.6 logoSpy-Net 2.6 Brazil πŸ‡§πŸ‡· Raphael Delphi Oct, 2009
DarkComet RAT 1.3 logoDarkComet RAT 1.3 France πŸ‡«πŸ‡· DarkCoderSc Nov, 2009
Cerberus 1.03.5 Beta logoCerberus 1.03.5 Beta United States πŸ‡ΊπŸ‡Έ, United Kingdom πŸ‡¬πŸ‡§ Protocol , Steve10120 , 2sly , Sam Delphi Dec, 2009
DarkComet RAT 2.0 RC4 logoDarkComet RAT 2.0 RC4 France πŸ‡«πŸ‡· DarkCoderSc Delphi Mar, 2010
CyberGate 1.04.8 logoCyberGate 1.04.8 United States πŸ‡ΊπŸ‡Έ johnyk Delphi Apr, 2010
Lost Door 4.3.1 logoLost Door 4.3.1 Tunisia πŸ‡ΉπŸ‡³ OussamiO Visual Basic 6 (VB6) Apr, 2010
DarkComet RAT 2.0 RC7 logoDarkComet RAT 2.0 RC7 France πŸ‡«πŸ‡· DarkCoderSc Assembly, Delphi Jun, 2010
Schwarze Sonne 1.0 logoSchwarze Sonne 1.0 Unknown πŸ΄β€β˜ οΈ, Germany πŸ‡©πŸ‡ͺ, Turkey πŸ‡ΉπŸ‡· ap0calypse , Slayer616 , Counterstrikewi Delphi Jun, 2010
Lost Door 5.1 logoLost Door 5.1 Tunisia πŸ‡ΉπŸ‡³ OussamiO Visual Basic 6 (VB6) Oct, 2010
Coolvibes 1 Update 8 logoCoolvibes 1 Update 8 Spain πŸ‡ͺπŸ‡Έ Thor Delphi May, 2011
Xtreme RAT 2.9 logoXtreme RAT 2.9 Brazil πŸ‡§πŸ‡· Raphael Delphi Jul, 2011
DarkComet RAT 5.3 logoDarkComet RAT 5.3 France πŸ‡«πŸ‡· DarkCoderSc Assembly, Delphi Jun, 2012
DarkComet RAT 5.3.1 logoDarkComet RAT 5.3.1 France πŸ‡«πŸ‡· DarkCoderSc Assembly, Delphi Jun, 2012
NjRat 0.7d logoNjRat 0.7d Kuwait πŸ‡°πŸ‡Ό njq8 VB .net Dec, 2013
Quasar 1.0 logoQuasar 1.0 Unknown πŸ΄β€β˜ οΈ MaxXor C# Aug, 2015
Lost Door 9.2 Aws logoLost Door 9.2 Aws Tunisia πŸ‡ΉπŸ‡³ OussamiO Visual Basic 6 (VB6) Jan, 2022