Let's say you already have your credentials to Drupal admin's panel:
You can find a way how to do it after reading those pages[1, 2, 3] but below you'll find few hints from me:
Let's start from creating new directory where we will place our module files - mine was called sample_module2.
We will need to create 3 files inside that dir:
Next thing to do is to zip this module directory and move the archive file to our web rootdir to download it in the future:
Now we will install our new module:
Let's "install from a URL":
Now our example module is ready to use:
Our example form is ready to use:
We need to add an 'x' parameter with our command as a value and click to run the code:
As you can see now you have a valid basic webshell. :)
Remember to use it only during legal pentests.
Other cool places where you can try to use your new created module you will find described here. ;)
See you next time.