Phpsploit Versions

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor

v3.2

3 years ago

Improvements:

  • add bannergrab plugin: scan internal ports & grab TCP banners (8f3af803979ec0990d140304e677375a78459a11)
  • add cloudcredgrab plugin: cloud credentials hunter/grabber (45f516b0f83f663ef3fc69a89e55740373b3dcb4)
  • add proclist: show process list on windows without command execution (71a3b231a71a5441cb8df9e4a13d278721093273)
  • remove unused vars: env.PORT & session.Cache (#71, #102)
  • update pygments dependency to newest version (5d3f4c57c1c53ff36f5f8e1962b51206ff716903)

CI & Tests:

  • ci: Create Dependabot config file (309777fdb8155b18b9b0a8280e2574418de0a9d3)
  • ci/test: fix improperly removed $TMPFILE on help.sh (62310972b87f1520b988df7d70639298b14da2ae)
  • ci/editorconfig: fix trim_trailing_whitespace bug (9439cf0b39a19a20a9b54a7d677dbea2f10af7ed)

Special thanks to @paralax for the bannergrab, cloudcredgrab & proclist plugins!

v3.1

3 years ago

Implemented enhancements:

  • Make warning message explicit when running plugin in non-connected mode #74
  • Show stack trace when VERBOSITY is True #73
  • get help for CMD when calling help CMD ARG #70
  • unexpected infinite autocompletion #68
  • help set <VAR>: display buffer type description #67
  • set should inform user that help set <VAR> is available #62
  • alias <VAR> None misses verbosity #59
  • Missing help set <SETTING> autocompletion #56
  • env: Confusing error message before exploited context #53
  • ./deps/ folder is archaic #41

Fixed bugs:

  • phpsploit is not working properly #128
  • suidroot plugin makes invalid assumptions #105
  • crash: IndexError: list index out of range #101
  • lrun command always returns 0 #83
  • core.tunnel.exceptions.ResponseError: Php runtime error #81
  • core: read non-tty STDIN line-by-line #75
  • term colors: buggy message display #72
  • corectl display-http-requests: invalid log on POST method #65
  • alias can override existing command #60
  • isolate_readline_context() don't isolates readline history #54

Closed issues:

  • Scripting support #138
  • add jonas lejon as contributor for his blog post #137
  • corectl display-http-requests not working when PROXY is set #135
  • I'm sure i set the backdoor file,but i can't get windows shell again #120
  • a window shell trate mysql data #119
  • Doubt about the socks proxy5 #114
  • INSTALL.md should have install instructions #106
  • Add contributors list on README #88
  • help <PLUGIN> lacks plugin informations #85
  • ux: show missing dependency warnings at start #80