WhiteWinterWolf's PHP web shell
I frequently encountered issues when using other web shells:
Here is my attempt to solve these issues. As opposed to some other solutions, this one does not even barely aim to become a "full-featured post-exploitation framework". Its only goal is to provide a stable and reliable way to get a foot in the door on the target by adhering to the KISS principle as much as possible and staying generic enough to let you build what you want from there without getting in your way.
WhiteWinterWolf's PHP web shell:
/var/www/html vs. C:\Inetpub\wwwroot).
open_basedir setting may limit your ability to move throughout the server.
allow_url_fopen setting limitation. It does not handle fancy things like HTTP redirection or authentication, but may still handle SSL/TLS by prepending the hostname accordingly (tls://203.0.113.37).
Clear cmd allows you to clear and set the focus on the command input form field in a single click. I find it convenient to quickly execute a few arbitrary commands on the server, but this feature relies on JavaScript. If you want to avoid JavaScript you can remove this single line; this will not affect the rest of the web shell, which does not use JavaScript anywhere else.
This script applies the form settings in the given order:
This allows you to upload a file in a given directory and immediately execute it in a single HTTP request.
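A defender's view of the features listed above, as an added example that is not part of the original project: a PHP script that reports whether the running configuration constrains command execution, directory browsing, outbound fetches and uploads. It assumes the fetch feature opens its own socket rather than going through PHP's URL wrappers, which the tls:// prefix above suggests; the function names `ini_flag` and `audit_php_hardening` are hypothetical.

```php
<?php
// Added example, not the project's code. Run it under the same SAPI as the
// site (php-fpm, mod_php), since the CLI may load a different php.ini.

function ini_flag(string $name): bool
{
    // ini_get() may return "1", "", "On" or "Off" depending on how it was set.
    return filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN);
}

function audit_php_hardening(): array
{
    $findings = [];
    $disabled = array_filter(array_map(
        'trim',
        explode(',', (string) ini_get('disable_functions'))
    ));

    // Command execution: any one of these is enough to run an OS command.
    $exec = ['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open'];
    if ($open = array_diff($exec, $disabled)) {
        $findings[] = 'command execution enabled: ' . implode(', ', $open);
    }

    // Directory browsing: an empty open_basedir puts no limit on paths.
    if (trim((string) ini_get('open_basedir')) === '') {
        $findings[] = 'open_basedir is not set';
    }

    // Outbound fetch: allow_url_fopen only governs URL wrappers such as
    // fopen("http://..."); the raw socket functions below ignore it.
    if (ini_flag('allow_url_fopen')) {
        $findings[] = 'allow_url_fopen is on';
    }
    $sockets = ['fsockopen', 'pfsockopen', 'stream_socket_client'];
    if ($open = array_diff($sockets, $disabled)) {
        $findings[] = 'socket functions enabled: ' . implode(', ', $open);
    }

    // Upload: with file_uploads on, a single request can deliver a file.
    if (ini_flag('file_uploads')) {
        $findings[] = 'file_uploads is on';
    }
    return $findings;
}

foreach (audit_php_hardening() as $finding) {
    echo "[!] $finding\n";
}
```

An empty report does not replace egress filtering or a non-writable web root; it only shows which of these PHP-level controls are in effect.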
More information can be found on the main project page.
This script is provided only for security research and assessment purposes. Do not use it for anything illegal!