YAPS v1.5 - Yet Another PHP Shell

[itsMe]

YAPS – Yet Another PHP Shell

As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control it via a simple netcat listener (nc -lp 1337).

In the current version, its main functions support only Linux systems, but I’m planning to make it work with Windows too.

Features

    Single PHP file (no need to install packages, libs, or download tons of files)
    Works with netcat, ncat, socat, multi/handler, almost any listener
    Customizable password protection
    No logs in .bash_history
    Does some enumeration
        Network info (interfaces, iptables rules, active ports)
        User info
        List SUID and GUID files
        Search for SSH keys (public and private)
        List crontab
        List writable PHP files
    Auto download LinPEAS, LinEnum or Linux Exploit Suggester
    Write and run PHP code on remote host
    (Semi) Stabilize shell
    Duplicate connections
    Auto update
    Infect PHP files with backdoors
    [NEW] Auto reverse root shell via pwnkit (CVE-2021-4034)

Cons

    Connection isn’t encrypted (yet) (nc does not support SSL)
    Not fully interactive (although you can spawn an interactive shell with !stabilize)
        CTRL+C breaks it; can’t use arrows to navigate (unless you use rlwrap nc -lp <ip> <port&gt

Changelog v1.5

    Added !shellcode to receive and run an arbitrary shellcode
    Improved duplicate() function (you can now a range of ports)
    Changed function name from stabilize to interactive
    Packed embedded codes to save space
    Fixed broken links
    Prepend TERM=xterm to all commands
    Minor improvements

To see this hidden content, you must like this content.