php reverse shell github


Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author!

Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit).

Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit).

Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit).

In addition, everything was tested on Docker images nouphet/docker-php4 with PHP v4.4.0 and steeze/php52-nginx with PHP v5.2.17.

Made for educational purposes. I hope it will help!

/src/php_reverse_shell.php requires PHP v5.0.0 or greater, mainly because proc_get_status() is used.
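The dependency named above is also a useful audit signal. The following is an added example, not code from the project: it rates PHP files in a web root by the calls they make. Only `proc_get_status()` comes from the README; the socket and spawn function lists, the file suffixes and the sample fragments are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# proc_get_status() is the call the README names; the socket and spawn lists
# are assumptions about which calls accompany it in a connect-back script.
STATUS_CALLS = {"proc_get_status"}
SOCKET_CALLS = {"fsockopen", "pfsockopen", "stream_socket_client", "socket_connect"}
SPAWN_CALLS = {"proc_open", "popen", "exec", "shell_exec", "system", "passthru"}
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}

# A plain function call: a name followed by "(", not preceded by "->", "::",
# "$" or another identifier character, so $db->exec() and curl_exec() are
# not counted as exec().
CALL = re.compile(r"(?<![\w$>:])([A-Za-z_]\w*)\s*\(")


def called_functions(php_source):
    """Lower-cased names of plain function calls (PHP names are case-insensitive)."""
    return {name.lower() for name in CALL.findall(php_source)}


def classify(php_source):
    """Return 'high', 'medium' or 'none' for one file's source text."""
    calls = called_functions(php_source)
    if not (calls & SOCKET_CALLS and calls & SPAWN_CALLS):
        return "none"
    return "high" if calls & STATUS_CALLS else "medium"


def scan_webroot(root):
    """Map each flagged file (path relative to root) to its rating."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            rating = classify(path.read_text(errors="replace"))
            if rating != "none":
                findings[path.relative_to(root).as_posix()] = rating
    return findings


# Constructed, non-functional fragments used only to exercise the matcher.
SAMPLE_FLAGGED = "<?php $s = fsockopen($h, $p); $x = proc_open($c, $d, $io); proc_get_status($x);"
SAMPLE_BENIGN = "<?php $db->exec('DELETE FROM t'); $r = curl_exec($ch);"

if __name__ == "__main__":
    print(classify(SAMPLE_FLAGGED), classify(SAMPLE_BENIGN))
```

Name matching is a triage heuristic: the minified and obfuscated variants this page mentions can hide function names, so pair it with file-integrity monitoring of the web root.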

Change the IP address and port number inside the scripts as necessary.

Copy /src/php_reverse_shell.php to your server’s web root directory (e.g. to /opt/lampp/htdocs/ on XAMPP) or upload it to your target’s web server.

Navigate to the file with your preferred web browser.

Check the simple PHP web shell based on HTTP POST request.

Check the simple PHP web shell based on HTTP GET request. You must URL encode your commands.

Check the simple PHP web shell v2 based on HTTP GET request. You must URL encode your commands.

Find out more about PHP obfuscation techniques for older versions of PHP at lcatro/PHP-WebShell-Bypass-WAF. Credits to the author!

Check the minified scripts in /src/minified/ directory.

To set up a listener, open your preferred console on Kali Linux and run one of the examples below.

Set up ncat listener:

Set up multi/handler listener:


About

PHP reverse shell script. Works on Linux OS, macOS, and Windows OS.


Easy to remember reverse shell that should work on most Unix-like systems.

Detects available software on the target and runs an appropriate payload.

1. Listen for connection

On your machine, open up a port and listen on it. You can do this easily with netcat.

2. Execute reverse shell on target

On the target machine, pipe the output of https://reverse-shell.sh/yourip:port into sh.

Go back to your machine, you should now have a shell prompt.

This is meant to be used for pentesting or helping coworkers understand why they should always lock their computers. Please don’t use this for anything malicious.


You can use a hostname instead of an IP.

Because this is a reverse connection it can punch through firewalls and connect to the internet.

You could listen for connections on a server at evil.com and get a reverse shell from inside a secure network with:

By default when the shell exits you lose your connection. You may do this by accident with an invalid command. You can easily create a shell that will attempt to reconnect by wrapping it in a while loop.

Be careful if you do this to a coworker, if they leave the office with this still running you’re opening them up to attack.

Running as a background process

The terminal session needs to be kept open to persist the reverse shell connection. That might be a bit of a giveaway if you’re trying to prank coworkers.

The following command will run the reverse shell in a background process and exit the terminal, leaving no suspicious looking terminal windows open on the victim’s machine.

Make sure you run this in a fresh terminal window otherwise you’ll lose any work in your existing session.


rshipp / shell.php


ChickenLover commented Aug 13, 2019


Serux commented Dec 4, 2019

This shell was writing duplicate input when using a netcat listener.
Removing the ampersand (&) solved my problem.


rshipp commented Dec 18, 2019

note for anybody coming across this for whatever reason: i have zero tolerance for inappropriate comments on this or any project i control. be kind, or leave.


nikkolai14 commented May 8, 2020

Is the ip my physical or public ip?


Serux commented May 8, 2020

If you want to connect to your computer within an intranet, or by VPN, then it is the physical IP.

(For example, if you are 192.168.1.2 and you want 192.168.1.3 to connect to you, you must use 192.168.1.2.)


nikkolai14 commented May 8, 2020

Thanks for the comment. If I understand you correctly,

Here are the steps I did,

So what I want to achieve is to access the vuln site using the reverse shell. I am still a beginner, so forgive me for that. Is that possible?


Serux commented May 8, 2020

I had to search for what ngrok was.

So ngrok makes a localhost port public, like localhost:3000->publicweb.ngrok.io, so at this point you have something like a public subdomain and a public ip that forwards the connections to your localhost.

So when you execute the php script, it runs on the server that hosts the file (localhost) and tries to connect to the desired ip.

If your ip is in the same network as the server, (or your routing table is configured to forward to another network) the server tries to make the connection serverip->yourcomputerip:8080

So the php is being executed in your server, not in another site. The file needs to be executed from the server that you want to connect to, so that the php in that system executes the bash command.

I hope this helps. Ask me if there is something that you don't understand.
I’m writing this on my phone and it is a bit difficult to structure the text.


PHP Remote Shell is a Swiss army knife for exploring servers through the Web. It contains a reverse shell in PHP, a full file browser, the ability to execute shell commands or PHP / SQL / LDAP code, crontab management and « zombies » management. It can also nest itself in existing files in order to redeploy automatically during their execution. If it has been previously encrypted, it is able to decrypt itself on the fly.

It was designed to be robust and work with just about any POSIX server with a decent version of PHP. It may look a bit rustic at times, but it should work everywhere.

PHP Remote Shell will be as silent as possible, using only POST requests, displaying images using inline data, keeping session in its own file instead of cookies when possible, and so on.

You need a local POSIX machine with PHP CLI, and a remote POSIX server running a PHP web service.

If you retrieved PRS by cloning the Git repository, you first need to change the permissions of some files as follows:

To install and use PRS you just have to put prs.php somewhere on the Web and access it with a POST request (GET requests will display a HTTP 404 error).
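How that behaviour looks in a web server access log, as an added example that is not part of PRS: it flags PHP paths that answer every GET with 404 while accepting POST with a 2xx status. The combined log format, the `/uploads/` location and all sample lines are constructed assumptions; only the file name `prs.php` and the GET/POST behaviour come from the text above.

```python
import re
from collections import defaultdict

# Apache/nginx "combined" format: client, two ignored fields, [time],
# "METHOD target PROTO", status, then size and the quoted fields.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def post_only_scripts(lines):
    """Return {path: [client IPs that POSTed]} for .php paths where every
    GET was answered 404 but at least one POST got a 2xx response."""
    statuses = defaultdict(lambda: defaultdict(set))  # path -> method -> {status}
    posters = defaultdict(set)                        # path -> {client ip}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        path = m["target"].split("?", 1)[0]
        if not path.lower().endswith(".php"):
            continue
        statuses[path][m["method"]].add(int(m["status"]))
        if m["method"] == "POST":
            posters[path].add(m["ip"])
    hits = {}
    for path, by_method in statuses.items():
        gets, posts = by_method["GET"], by_method["POST"]
        get_always_404 = bool(gets) and gets <= {404}
        post_succeeds = any(200 <= s < 300 for s in posts)
        if get_always_404 and post_succeeds:
            hits[path] = sorted(posters[path])
    return hits


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [08/May/2020:10:01:02 +0000] "GET /uploads/prs.php HTTP/1.1" 404 153 "-" "curl/7.68.0"',
    '198.51.100.7 - - [08/May/2020:10:01:09 +0000] "POST /uploads/prs.php HTTP/1.1" 200 8421 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/May/2020:10:02:00 +0000] "GET /login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [08/May/2020:10:02:05 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [08/May/2020:10:03:00 +0000] "GET /missing.php?x=1 HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(post_only_scripts(SAMPLE_LOG))
```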

The simplest way to request the PRS URL once it is uploaded is to open launcher.html with a web browser and fill in the form.

You can use PRS as is, or you can encrypt it before uploading it to the remote host. Encryption guarantees that nobody can read the source code or your authentication parameters, if any. Knowing this, you can add whatever you want to it; your secrets will be well protected, even on the remote host 🙂

The launcher.html file allows you to specify your encryption password before requesting the PRS page.

To force PRS to ask for authentication, edit the script and fill the Authentication section constants.

To allow direct download of the PRS file, just pass it prsds= as a URL parameter:

Note that this will not work if you previously defined CHECK_AUTH or if you have encrypted PRS file.

Allows you to open the Profiles management popup to save sessions and retrieve them later.

Displays the result of some common tools, plus the output of the phpinfo() function if available.

If the remote PHP allows it, this lets you choose a remote IP and port on which to listen with a full PHP reverse shell.

It is just a basic shell, which means that sometimes it will not work and that the connection may be cut off or looped at any time. Some commands will be rewritten (like ping or top), others will be emulated (like clear). It is likely that in dying (when you grab the shutdown command from your client) it causes a zombie process.

Use netcat or any other client on your local machine to execute bash commands on the remote host.

Sometimes a reverse shell is not possible. This section allows you to execute bash commands and see their results directly from the PRS web page.

With this feature, you can write PHP code, execute it on the remote host and see the result.

PRS file browser allows you a lot of things. You can create/edit/delete files, view symlinks and so on. It looks a lot like the output of the ls command, with some improvements.

This feature of the file browser bottom menu allows you to « host » PRS on another PHP script. If someone ever erases it, it would be automatically recreated by calling this page.

Where possible, it allows you to edit, save or even remove the crontab of the current web user.

This feature will not work if the PRS file has been previously encrypted. Use it only for fun and non-profit 😉

You can have fun spying on the remote user’s keyboard, injecting code, stealing cookies and so on. You can also web ping hosts on the user’s private network before launching a CSRF attack, for example. But, once again: it is unstable and not stealthy.

To create a zombie, inject the following HTML code in a web page:

Then go to the PRS Zombies menu and wait until it appears on the list.


rsh is a tool written purely in Python 3 to easily generate a reverse shell command for Linux as well as Windows.

This tool makes it easy for you to quickly generate reverse shell commands supported in both Linux and Windows, in the following languages:

Using rsh is very simple. All you need to do is provide an IP and port and the type of shell that is to be generated:

You can also automatically catch the reverse shell by starting a listener when you are done. This uses netcat and listens on the port you specified for your reverse shell.

You need to have Python 3.5 or greater installed to run rsh. Both Linux and Windows are supported. In addition, rsh uses pyfiglet, which you can install by running:


In any case, feel free to open an issue.

All the shell commands are taken from pentestmonkey.

If you’d like you can buy me some coffee:

About

Generate a reverse shell from the CLI for Linux and Windows.
