Skip to content

cixtor/phpshellgen

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
LICENSE.md
 
 
README.md
 
 
generator.php
 
 
jquery.min.js
 
 
jquery.terminal.min.css
 
 
jquery.terminal.min.js
 
 
template.txt
 
 
PHP-Shell Generator Options Commands Generator 404 Not Found

README.md

PHP-Shell Generator

Minimalistic web shell written in PHP and jQuery.Terminal. The purpose of this tool is to serve as an alternative to popular web shells like r57 and c99 but with a minimalistic user interface with focus on the essential tools like a command line interface and access to system programs as well as alternatives when such programs are unavailable.

Options

Parameters Name Description
-h Help Prints this message with a list of available options
-i Input Specifies the file to serve as a template to generate the web shell (default "template.txt")
-o Output Specifies the filename for the generated web shell (default <random>.php)
-s Shell Specifies the PHP function to execute Unix commands (default "passthru")
-u Username Specifies the username to restrict access to a limit set of users
-p Password Specifies the password to restrict access to a limit set of users
-l Lint Double-checks the consistency of the PHP code in generated file

Commands

Command Description
set_interpreter Sets the PHP function to execute commands, e.g. set_interpreter shell_exec
get_interpreter Prints the current PHP function acting as the interpreter
interpreter Alias for get_interpreter
get_disabled_functions Prints a list of disabled PHP functions to identify which shell functions are available
disabled_functions Alias for get_disabled_functions
get_php_version Prints the PHP version
php_version Alias for get_php_version
cd Changes directories using chdir, e.g. cd /var/log/
logout Terminates the user session and reloads the page
exit Alias for logout
status Prints the web shell configuration
clear Resets the screen

Generator

The process consists basically in replace some lines of the template with the customizable data provided by the tool like the password or the shell interpreter, adding dependencies to implement the web terminal interface, reducing the tabular characters and new lines to finally get a shell of more or less 130KiB.

Note: The shell generator was rewritten from Ruby to PHP for simplicity.

compilation

404 Not Found

To attempt to hide the web shell in the web server a little bit, the generated PHP file returns a "404 Not Found" status code on GET and HEAD requests when the user session is not set yet. When you access the PHP file in a web browser, press the <Tab> key to jump to the first form field and type the username, press <Tab> one more time to type the password, and then hit the <Return> key to submit the form and log in. If the credentials are correct, the web shell will create a session that will remain until you type logout or exit.

not_found

About

Web shell built on top of PHP with focus on simplicity

Resources

Readme

License

MIT license

Stars

3 stars

Watchers

2 watching

Forks

1 fork

Releases

No releases published

Packages

No packages published

Languages