Question: What is a shell when it comes to web hacking?
Answer: Well, basically a shell is an interface between client and server and comes up with an extension of .php. To make it works, hackers always uploaded this kind of PHP Shell into online web servers in order to make it work.
When you upload any shell online in any website then you can do anything with that website like Editing the files, uploading the files, delete the files, back server connectivity, change permissions etc or it can also be used for DDOS to another website depends upon which shell you are using. If we generally talk about the features of a shell, there are so many features of a best Php web shell like MD5 Hash, Mass Mailing, Edit/Delete/Change/Upload files, URL Encoding/Decoding etc.
Till now the best shells are –
1. WSO Shell – https://gist.github.com/1N3/ad327175444a8d14f37d
2. MADSPOT Shell – http://madleets.blogspot.in/2012/04/madspot-security-team-shell-v-10.html
Question: What does defacing mean and what’s a deface page?
Answer: Defacing, in most certain cases, means that you wanna upload a specific file of yours, mostly a message to prove the administrator that you hacked the website like “Palestine Hackers Hacked Example.com Website, FUCK UP Your Security etc“.
A deface page, while hacking a website, is simply a message to convey to the owner/manager of the website that you’ve owned their security. Mostly hackers do this thing for fun and fame or for a target operation. If you’re a beginner in web hacking, defacing a site will be considered as a big success for you just like a script kiddie.
Question: A common difference between a shelled website and a defaced website?
Answer: Simply answering, a shelled website can be used as hosting for illegal operations like for DDosing (Distributed Denial of Service), Spreading malware and Trojans, redirecting the page to some other to getting traffic etc.
Question: My IP was logged while I was hacking, what should I do now?!
Answer: Well If your IP has ever been logged, then their is a huge chance that you won’t get caught. But i always recommend you to some kind of proxy tools like TOR Browser, VPN etc.
Examples of VPN:
1. nVPN (paid)
2. ProXPN (free)
Strictly Note – An advice from me and all other web hackers out there, no matter what you hack whether it’s a bullshit website or a strict government website, always stay behind a VPN or Proxy and stay anonymous!