
Phpsploit v3.1 - Stealth post-exploitation framework


itsMe



PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.

Features

    Efficient: More than 20 plugins to automate post-exploitation tasks
        Run commands and browse filesystem, bypassing PHP security restrictions
        Upload/Download files between client and target
        Edit remote files through local text editor
        Run SQL console on target system
        Spawn reverse TCP shells
    Stealth: The framework is made by paranoids, for paranoids
        Nearly invisible by log analysis and NIDS signature detection
        Safe-mode and common PHP security restrictions bypass
        Communications are hidden in HTTP Headers
        Loaded payloads are obfuscated to bypass NIDS
        http/https/socks4/socks5 Proxy support
    Convenient: A robust interface with many crucial features
        Detailed help for any command or option (type help)
        Cross-platform on both the client and the server.
        Powerful interface with completion and multi-command support
        Session saving/loading feature & persistent history
        Multi-request support for large payloads (such as uploads)
        Provides a powerful, highly configurable settings engine
        Each setting, such as user-agent has a polymorphic mode
        Customisable environment variables for plugin interaction
        Provides a complete plugin development API

Changelog v3.1

Implemented enhancements:

    Make warning message explicit when running plugin in non-connected mode #74
    Show stack trace when VERBOSITY is True #73
    get help for CMD when calling help CMD ARG #70
    unexpected infinite autocompletion #68
    help set <VAR>: display buffer type description #67
    set should inform user that help set <VAR> is available #62
    alias <VAR> None misses verbosity #59
    Missing help set <SETTING> autocompletion #56
    env: Confusing error message before exploited context #53
    ./deps/ folder is archaic #41


Fixed bugs:

    phpsploit is not working properly #128
    suidroot plugin makes invalid assumptions #105
    crash: IndexError: list index out of range #101
    lrun command always returns 0 #83
    core.tunnel.exceptions.ResponseError: Php runtime error #81
    core: read non-tty STDIN line-by-line #75
    term colors: buggy message display #72
    corectl display-http-requests: invalid log on POST method #65
    alias can override existing command #60
    isolate_readline_context() don’t isolates readline history #54


Closed issues:

    Scripting support #138
    add jonas lejon as contributor for his blog post #137
    corectl display-http-requests not working when PROXY is set #135
    I’m sure i set the backdoor file,but i can’t get windows shell again #120
    a window shell trate mysql data #119
    Doubt about the socks proxy5 #114
    INSTALL.md should have install instructions #106
    Add contributors list on README #88
    help <PLUGIN> lacks plugin informations #85
    ux: show missing dependency warnings at start #80

