php-reverse-shell

Yet another php reverse shell for pentesters

Features

• Compatible with netcat and ncat
• Host resolution via DoH and DDNS
• Support for daemonization and encryption
• Semi-automatic shell stabilization

Usage

• Register domain on DDNS service https://freemyip.com
• Save link to update IPv4 address (https://freemyip.com/update?token=my-token&domain=my-domain.freemyip.com)
• Use link to update IPv4 address
• Change config in shell.php file
• Upload backdoor to vulnerable server
• Create new terminal window or tab
  • Open port from config
  • Start listening on port from config:
    • ncat -nvlp 1337 --ssl (with encryption, recommend)
    • nc -nlvp 1337 (without encryption)
  • Visit /start.php on vulnerable server
  • Wait for shell to appear in terminal
  • Press Ctrl + Z in terminal
  • Run stty raw -echo; fg in terminal and press Enter

NOTE: to exit from shell use Ctrl + D twice