PHP Reverse Shell
Just a little refresh on the popular PHP reverse shell script
pentestmonkey/php-reverse-shell. Credits to the original author!
Works on Linux OS and macOS with /bin/sh and Windows OS with cmd.exe. The script
will automatically detect the underlying OS.
Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2
(64-bit).
Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina
v10.15.6 (64-bit).
Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10
Enterprise OS (64-bit).
Reverse Shells
Web Shells
File Upload/Download Script
Case 1: Upload the Script to the Victim’s Server
Case 2: Upload the Script to Your Server
Set Up a Listener
Images
Reverse Shells
Change the IP address and port number inside the scripts as necessary.
Check the simple PHP web shell based on HTTP POST request.
Check the simple PHP web shell based on HTTP GET request. You must URL encode your
commands.
Check the simple PHP web shell v2 based on HTTP GET request. You must URL encode
your commands.
Find out more about PHP obfuscation techniques for old versions of PHP at
lcatro/PHP-WebShell-Bypass-WAF. Credits to the author!
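For defenders, an added example (not part of the original repository): a triage script that looks for the GET-based web shells described above, whose URL-encoded commands end up in the web server access log. It assumes Combined Log Format; the parameter name `command`, the paths `/uploads/s.php` and `/uploads/p.php`, and the command token list are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined Log Format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Triage heuristic (assumed token list, expect false positives on short words).
CMD_RE = re.compile(
    r'(?:^|[\s;|&`(])(?:id|whoami|uname|ifconfig|ipconfig|systeminfo|cat|ls|dir|'
    r'wget|curl|nc|ncat|bash|sh|cmd(?:\.exe)?|powershell(?:\.exe)?)(?=$|[\s;|&`)])'
    r'|/etc/passwd|/bin/(?:ba)?sh', re.IGNORECASE)

def suspicious_params(target):
    """Return (name, decoded_value) pairs whose decoded value looks like a command."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(".php"):
        return []
    # parse_qsl percent-decodes values and turns '+' into a space.
    return [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if CMD_RE.search(v)]

def scan(lines):
    """Return (findings, post_hits). GET findings carry the decoded command;
    POSTs to .php are only counted, since POST bodies never reach the access log."""
    findings, post_hits = [], {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, method, target, status = m.groups()
        path = urlsplit(target).path
        if method == "GET":
            for name, value in suspicious_params(target):
                findings.append((host, path, name, value, int(status)))
        elif method == "POST" and path.lower().endswith(".php"):
            post_hits[(host, path)] = post_hits.get((host, path), 0) + 1
    return findings, post_hits

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2020:13:55:36 +0000] "GET /uploads/s.php?command=cat%20%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "curl/7.68.0"',
    '198.51.100.4 - - [10/Oct/2020:13:56:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2020:13:57:12 +0000] "POST /uploads/p.php HTTP/1.1" 200 312 "-" "curl/7.68.0"',
    '203.0.113.7 - - [10/Oct/2020:13:57:40 +0000] "GET /uploads/s.php?command=whoami%26%26id HTTP/1.1" 200 64 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The POST-based shell leaves no command text in the access log, so the POST counts are only a pointer to scripts worth inspecting on disk or through request-body logging.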
File Upload/Download Script
Check the simple PHP file upload/download script based on HTTP POST request for
file upload and HTTP GET request for file download.
When downloading a file, you must URL encode the file path, and don't forget to
specify the output file if using cURL.
When uploading a file, don't forget to specify @ before the file path.
Depending on the server configuration, downloading a file through an HTTP GET
request parameter might not always work; in that case, you will have to hardcode
the file path in the script.
Case 1: Upload the Script to the Victim’s Server
Navigate to the script on the victim's web server with your preferred web browser,
or use cURL from your PC.
Upload a file to the server's web root directory from your PC:
If you elevated your initial privileges within your reverse shell, this script
might not have the same privileges as the shell. In that case, to download a
certain file, you might need to copy the file to the web root directory and set the
necessary read permissions.
Case 2: Upload the Script to Your Server
From your PHP reverse shell, run the following cURL commands.
Upload a file from the victim's PC to your server's web root directory:
Download a file from your server's web root directory to the victim's PC:
Set Up a Listener
To set up a listener, open your preferred console on Kali Linux and run one of the
examples below.
msfconsole -q
use exploit/multi/handler
exploit
Images
Figure 1 - Ncat
Script Dump