module
Apache .htaccess Persistence
| Disclosed | Created |
|---|---|
| Dec 1, 1995 | Jul 3, 2026 |
Disclosed
Dec 1, 1995
Created
Jul 3, 2026
Description
This module writes a persistence payload into an Apache
.htaccess file using mod_cgi. The .htaccess file itself
acts as a CGI shell, executing commands passed via the
query string. Inspired by the htshells project by wireghoul.
.htaccess file using mod_cgi. The .htaccess file itself
acts as a CGI shell, executing commands passed via the
query string. Inspired by the htshells project by wireghoul.
Authors
wireghoul
msutovsky-r7
4ravind-b
msutovsky-r7
4ravind-b
Platform
Linux,PHP
Architectures
php, cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.