Moved to https://github.com/z0noxz/mando.me
PHP Command Injection exploitation tool
- Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).
- Execute the controller to exploit the command injection vulnerability. The controller is simply a command injection exploitation tool, and can therefore with a few adjustments be rewritten to exploit allready existing vulnerabilities without the need for uploading the 'simple-shell.php'.
Featuers (so far)
- File upload
- File download
- Normal terminal commands (excluding prompts e.g. password)
- Meterpreter reverse shell injection
You shall not misuse this tool to gain unauthorized access. This tool should only be used to expand knowledge, and not for causing malicious or damaging attacks. Performing any attacks without written permission from the owner of the system is illegal.