PHP shell one file


Simple PHP shell script, yet powerful enough.

heiswayi/simple-php-shell


  • Display OS type and PHP version
  • View phpinfo
  • Directory listing and walkthrough
  • Upload file to any directory
  • GZIP and download folder
  • chmod folder to 777
  • Highlight DB interaction files in red
  • Download, edit and delete a file
  • Execute MySQL query
  • Execute Shell Command

This is free and unencumbered software released into the public domain.

Anyone is free to copy, modify, publish, use, compile, sell, or distribute this software, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means.

In jurisdictions that recognize copyright laws, the author or authors of this software dedicate any and all copyright interest in the software to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this software under copyright law.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

For more information, please refer to 


A semi-interactive PHP shell compressed into a single file.


Arrexel/phpbash


phpbash is a standalone, semi-interactive web shell. Its main purpose is to assist in penetration tests where traditional reverse shells are not possible. The design is based on the default Kali Linux terminal colors, so pentesters should feel right at home.

JavaScript must be enabled on the client browser for phpbash to work properly. The target machine must also allow execution of the shell_exec PHP function, although it is very simple to modify the script to use an alternate function.
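
Because the script can be switched to another function, blocking shell_exec alone in php.ini leaves the rest of the command-execution family usable. The check below is an added example, not part of phpbash: it audits a php.ini for such functions left enabled; the function list beyond shell_exec and the two sample fragments are assumptions constructed here.

```python
import re

# PHP functions that run OS commands. shell_exec, exec and passthru are named
# on this page; system, popen, proc_open and pcntl_exec are the other standard
# ones (an assumed baseline list, extend it for your environment).
EXEC_FUNCTIONS = {"shell_exec", "exec", "passthru", "system",
                  "popen", "proc_open", "pcntl_exec"}

DIRECTIVE_RE = re.compile(r"disable_functions\s*=\s*(.*)$")


def disabled_functions(ini_text):
    """Return the set named by the last active disable_functions directive."""
    disabled = set()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()   # ';' starts a php.ini comment
        m = DIRECTIVE_RE.match(line)
        if m:                                  # a later directive replaces an earlier one
            value = m.group(1).strip().strip('"')
            disabled = {f.strip() for f in value.split(",") if f.strip()}
    return disabled


def still_enabled(ini_text):
    """Command-execution functions a web shell could still call."""
    return sorted(EXEC_FUNCTIONS - disabled_functions(ini_text))


# Constructed php.ini fragments for illustration.
WEAK = """
; only the function the stock script calls is blocked
disable_functions = shell_exec
"""
HARDENED = """
disable_functions = "shell_exec, exec, passthru, system, popen, proc_open, pcntl_exec"
"""

if __name__ == "__main__":
    print("weak config leaves enabled:", still_enabled(WEAK))
    print("hardened config leaves enabled:", still_enabled(HARDENED))
```
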

  • Requires only a single PHP file
  • POST-based requests
  • Support for current working directory
  • Command history with arrow keys
  • Upload files directly to target directory

Have a feature idea? Open an Issue.

  • cd Return to default shell directory
  • cd Change directory
  • cd - Return to previous directory
  • clear Clears all output
  • upload Opens the file browser and uploads selected file

Simply drop the phpbash.php or phpbash.min.php file on the target and access it with any JavaScript-enabled web browser.


P0wny-Shell: Single-File PHP Shell

p0wny@shell:~# is a very basic, single-file, PHP shell. It can be used to quickly execute commands on a server when pentesting a PHP application. Use it with caution: this script represents a security risk for the server.

  • Command history (using arrow keys ↑ ↓ )
  • Auto-completion of command and file names (using Tab key)
  • Navigate on the remote file-system (using cd command)
  • Upload a file to the server (using upload command)
  • Download a file from the server (using download command)

WARNING THIS SCRIPT IS A SECURITY HOLE. DO NOT UPLOAD IT ON A SERVER UNTIL YOU KNOW WHAT YOU ARE DOING!


    docker build -t p0wny .
    docker run -it -p 8080:80 -d p0wny
    # open with your browser http://127.0.0.1:8080/shell.php

Changelog

  • 2019-06-07: Adds the clear command to clear the terminal (@izharaazmi #12)
  • 2018-12-15: File upload and download feature (@Oshawk #5)
  • 2018-06-01:
    • Auto-completion of command and file names (@lo001 #2)
    • Adaptation to mobile devices (responsive) (@lo001 #2)
    • Improved handling of stderr (@lo001 #2)
    • ES5 compatibility (@lo00l #1)
    • Dependency to JQuery removed (@lo00l #1)
    • Command history using arrow keys (@lo00l #1)
    • Keep the command field focused when pressing the tab key


A one-line PHP script to get a shell

, I heard someone mention something about a one-line PHP script that is essentially a shell. I assumed that writing such a script would not be hard, since it is only one line. Searching Google did not turn up much, perhaps because it is too easy, or because I used the wrong search terms. In any case, I forgot about the script for a while... until now.

Since I am currently learning PHP, I am interested in web application security. My studies are not finished yet, but today (while reading about how to handle input data before using “include”) I remembered the one-line PHP script.
Here is what I came up with:

Obviously, the web application has to be vulnerable in some way for it to be possible to place this script on the server. Once a vulnerability is found, the script could potentially be used to compromise the site or to dump it.
The script's output is plain text, not an HTML document. So if you use a web browser, you need to view the page source to see the result.

I used shell_exec() instead of just exec() because it returns every line instead of only the last one. An alternative is to use passthru(), which will also send binary data. But to receive and handle binary data correctly you would also have to set headers, which makes the script multi-line.
I was able to run Unix commands (Windows commands should also work if the host runs Windows) such as:

  • shell.php?e=whoami
  • shell.php?e=pwd
  • shell.php?e=uname%20-a (I had to URL-encode the spaces, otherwise my browser thought it should search using Google)
  • shell.php?e=echo%20This%20site%20has%20been%20hacked%3Eindex.html
  • shell?e=ls%20-l%20/tmp
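
Requests of the form listed above leave the whole command in the query string, so they show up in ordinary web server access logs. The following detector is an added example, not code from the post: it URL-decodes every query parameter and flags values that look like shell commands; the log lines, the command word list and the metacharacter set are constructed assumptions to tune per site.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line and status code of a combined-format access log entry.
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Decoded value starts with one of the commands used in the post's examples.
COMMAND_RE = re.compile(r"^\s*(whoami|pwd|uname|ls|echo)(\s|$)")
# Shell metacharacters that rarely belong in a query-string value.
SHELL_META_RE = re.compile(r"[|;`>]|&&|\$\(")


def command_like_params(target):
    """Return (name, decoded value) pairs that look like shell commands."""
    query = urlsplit(target).query
    return [(name, value)
            for name, value in parse_qsl(query, keep_blank_values=True)
            if COMMAND_RE.search(value) or SHELL_META_RE.search(value)]


def scan_access_log(lines):
    """Flag log entries whose query string carries a command-like value."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for name, value in command_like_params(m["target"]):
            findings.append({"path": urlsplit(m["target"]).path,
                             "param": name,
                             "command": value,
                             "status": int(m["status"])})  # 200 means the script exists
    return findings


# Constructed access-log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /shell.php?e=whoami HTTP/1.1" 200 9 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:05 +0000] "GET /shell.php?e=uname%20-a HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:09 +0000] "GET /shell?e=ls%20-l%20/tmp HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:10:01:00 +0000] "GET /search.php?q=php+tutorial&page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2024:10:01:02 +0000] "GET /index.php?sort=id HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Shells that send commands in POST bodies, as phpbash does, do not appear this way because standard access logs do not record request bodies; for those, repeated POSTs to a recently created PHP file are the signal to look for.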
