- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control it via a simple netcat listener (nc -lp 1337).
In the current version, its main functions support only Linux systems, but I’m planning to make it work with Windows too.
Features
Single PHP file (no need to install packages, libs, or download tons of files)
Works with netcat, ncat, socat, multi/handler, almost any listener
Customizable password protection
No logs in .bash_history
Does some enumeration
Network info (interfaces, iptables rules, active ports)
User info
List SUID and GUID files
Search for SSH keys (public and private)
List crontab
List writable PHP files
Auto download LinPEAS, LinEnum or Linux Exploit Suggester
Write and run PHP code on remote host
(Semi) Stabilize shell
Duplicate connections
Auto update
Infect PHP files with backdoors
[NEW] Auto reverse root shell via pwnkit (CVE-2021-4034)
Cons
Connection isn’t encrypted (yet) (nc does not support SSL)
Not fully interactive (although you can spawn an interactive shell with !stabilize)
CTRL+C breaks it; can’t use arrows to navigate (unless you use rlwrap nc -lp <ip> <port>
Changelog v1.4
Added !pwnkit to exploit CVE-2021-4034 and spawn a root reverse shell
Improved verify_update() function
Minor code improvements