YAPS – Yet Another PHP Shell

[itsMe]

YAPS – Yet Another PHP Shell

As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control it via a simple netcat listener (nc -lp 1337).

In the current version, its main functions support only Linux systems, but I’m planning to make it work with Windows too.

Features

•     Single PHP file (no need to install packages, libs, or download tons of files)
•     Works with netcat, ncat, socat, multi/handler, almost any listener
•     Customizable password protection
•     No logs in .bash_history
•     Can do some enumeration
•         Network info (interfaces, iptables rules, active ports)
•         User info
•         List SUID and GUID files
•         Search for SSH keys (public and private)
•         List crontab
•         List writable PHP files
•     Auto download LinPEAS, LinEnum, or Linux Exploit Suggester
•     Write and run PHP code on a remote host
•     (Semi) Stabilize shell

Cons

•     Connection isn’t encrypted (yet) (nc does not support SSL)
•     Not fully interactive (although you can spawn an interactive shell with !stabilize)
•         CTRL+C breaks it; can’t use arrows to navigate (unless you use rlwrap nc -lp <ip> <port&gt

To see this hidden content, you must like this content.