A semi-interactive PHP shell compressed into a single file.
Switch branches/tags
Nothing to show
Clone or download
Latest commit bf3e591 Feb 14, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Nov 28, 2017
README.md spelling fix, no content changes Feb 5, 2018
phpbash.min.php Patch XSS vuln Feb 14, 2018
phpbash.php Patch XSS vuln Feb 14, 2018

README.md

phpbash

phpbash is a standalone, semi-interactive web shell. It's main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors, so pentesters should feel right at home.

Requirements

Javascript must be enabled on the client browser for phpbash to work properly. The target machine must also allow execution of the shell_exec PHP function, although it is very simple to modify the script to use an alternate function.

Features

  • Requires only a single PHP file
  • POST-based requests
  • Support for current working directory
  • Command history with arrow keys
  • Upload files directly to target directory

Have a feature idea? Open an Issue.

Custom Commands

  • cd Return to default shell directory
  • cd <path> Change directory
  • cd - Return to previous directory
  • clear Clears all output
  • upload Opens the file browser and uploads selected file

Usage

Simply drop the phpbash.php or phpbash.min.php file on the target and access it with any Javascript-enabled web browser.

Screenshots

phpbash phpbash