This repository contains an upgraded version of the classic PentestMonkey PHP Reverse Shell. While the original is a staple in the security community, modern environments require more resilience and better process handling.
This version introduces several key enhancements designed for authorized penetration testing and Red Team engagements.
Compared to the 2007 original, this script includes:

- Persistence Loop: reconnection logic that attempts to "call home" at a defined interval if the connection is dropped or the listener is not yet active.
- Background Execution: uses `ignore_user_abort(true)` and `set_time_limit(0)` so the shell keeps running even if the initial HTTP request times out.
- Optimized I/O Redirection: simplified descriptor handling by passing the socket directly to `proc_open`, reducing overhead and improving stability.
- OS Awareness: basic logic to detect the host OS and toggle between `/bin/sh` and `cmd.exe`.
- Reduced Signature: verbose headers removed and the code structure tightened to lower the "loudness" of the script against basic static analysis.
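The same features read, from the defender's side, as the indicators a file-triage control would key on: request detachment (`ignore_user_abort`, `set_time_limit(0)`) combined with process spawning (`proc_open`) in a web-served PHP file. The script below is an added example and not part of this project; it scores PHP sources on the co-occurrence of those traits so that a legitimate long-running report or an admin tool that shells out is not flagged on one trait alone. It generalizes beyond the functions named in this README to other well-known PHP execution and socket functions; the weights, threshold, scan directory argument and the sample inputs are constructed for illustration.

```python
"""Static triage of PHP files for reverse-shell indicators.

Added example (not part of the project): scores a PHP source on the
co-occurrence of the features this README lists. A file that merely calls
set_time_limit(0) for a long export is not flagged; one that combines
request detachment with process spawning is.
"""
import re
import sys
from pathlib import Path

# Indicator name -> (regex, weight). Weights are illustrative, not tuned.
INDICATORS = {
    "detach_from_request": (re.compile(r"\bignore_user_abort\s*\(\s*true\s*\)"), 2),
    "no_time_limit":       (re.compile(r"\bset_time_limit\s*\(\s*0\s*\)"), 1),
    "spawns_process":      (re.compile(r"\b(proc_open|popen|shell_exec|passthru|system|exec)\s*\("), 3),
    "socket_connect":      (re.compile(r"\b(fsockopen|stream_socket_client|socket_create)\s*\("), 3),
    "shell_binary":        (re.compile(r"(/bin/sh|/bin/bash|cmd\.exe)"), 1),
    "os_toggle":           (re.compile(r"\bPHP_OS\b|\bphp_uname\s*\("), 1),
    "reconnect_loop":      (re.compile(r"\bwhile\s*\(\s*(true|1)\s*\)|\bsleep\s*\("), 1),
}
THRESHOLD = 6  # constructed cutoff: detach + no-limit alone scores 3 and never flags

PERSISTENCE = {"detach_from_request", "no_time_limit", "reconnect_loop"}
CAPABILITY = {"spawns_process", "socket_connect"}


def score_source(src: str) -> tuple[int, list[str]]:
    """Return (total score, names of matched indicators) for one PHP source."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(src)]
    return sum(INDICATORS[name][1] for name in hits), hits


def is_suspicious(src: str) -> bool:
    """Flag only when the score is high AND both trait families co-occur.

    Requiring a persistence trait plus an execution/network trait keeps a
    single powerful but legitimate call (exec in an admin page) below the bar.
    """
    score, hits = score_source(src)
    found = set(hits)
    return score >= THRESHOLD and bool(PERSISTENCE & found) and bool(CAPABILITY & found)


def scan_tree(root: Path) -> list[tuple[Path, int, list[str]]]:
    """Walk a web root and return (path, score, hits) for every flagged file."""
    findings = []
    for path in root.rglob("*.php"):
        try:
            src = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip, do not abort the whole scan
        if is_suspicious(src):
            score, hits = score_source(src)
            findings.append((path, score, hits))
    return findings


# Constructed samples: indicator-bearing fragments, not working programs.
SAMPLE_SUSPICIOUS = """<?php
ignore_user_abort(true);
set_time_limit(0);
// ... connection setup elided in this constructed sample ...
$proc = proc_open($cmd, $descriptors, $pipes);
"""

SAMPLE_REPORT = """<?php
set_time_limit(0);  // long-running CSV export, legitimately unlimited
$rows = $db->query('SELECT * FROM orders');
foreach ($rows as $r) { fputcsv($out, $r); }
"""

SAMPLE_ADMIN = """<?php
$out = shell_exec('uptime');  // admin status page: spawns, but does not detach
echo $out;
"""


def main(argv: list[str]) -> None:
    if len(argv) < 2:
        # No directory given: run the constructed samples through the scorer.
        for label, src in (("suspicious", SAMPLE_SUSPICIOUS),
                           ("report", SAMPLE_REPORT),
                           ("admin", SAMPLE_ADMIN)):
            score, hits = score_source(src)
            print(f"{label}: score={score} hits={hits} flagged={is_suspicious(src)}")
        return
    for path, score, hits in scan_tree(Path(argv[1])):
        print(f"{path}: score={score} hits={','.join(hits)}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the three constructed samples classified, or pass a web root (`python3 triage.py /var/www/html`) to list flagged files. Treat hits as triage leads to review by hand, not as verdicts: the persistence-loop behaviour described above is also visible at the network layer as repeated outbound connection attempts from the web server process, which is the complementary signal to pair with this file-side check.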
Basic usage:

- Configure: open the script and edit the `$ip` and `$port` variables to match your listener.
- Listener: start your listener (e.g., `nc -lvnp 1234`).
- Execute: upload the script to the target server and execute it via a web browser or the CLI: `php reverse.php`.
- TTY Upgrade: once connected, it is highly recommended to upgrade to a full TTY:

```shell
python3 -c 'import pty; pty.spawn("/bin/bash")'
# Then background with Ctrl+Z, and run:
stty raw -echo; fg
```
This tool is intended for educational purposes and authorized security auditing only. Unauthorized access to computer systems is illegal. The author (cyberkareem) accepts no liability for any misuse or damage caused by this tool.
This project is a derivative of the original PentestMonkey script and is licensed under the GPL v2. See the script headers for full license details.