PHP Reverse Shell
Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author!
Works on Linux OS and macOS with /bin/sh
and Windows OS with cmd.exe
. Script will automatically detect an underlying OS.
Works with both ncat
and multi/handler
.
Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit).
Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit).
Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit).
In addition, everything was tested on Docker images nouphet/docker-php4 with PHP v4.4.0 and steeze/php52-nginx with PHP v5.2.17.
Made for educational purposes. I hope it will help!
Process pipes on Windows OS do not support asynchronous operations so stream_set_blocking()
, stream_select()
, and feof()
will not work properly, but I found a workaround.
How to Run
/src/php_reverse_shell.php requires PHP v5.0.0 or greater, mainly because proc_get_status()
is being used.
/src/php_reverse_shell_older.php requires PHP v4.3.0 or greater.
Change the IP address and port number inside the script as necessary.
Copy /src/php_reverse_shell.php to your server's web root directory (e.g. to /opt/lampp/htdocs/ on XAMPP) or upload it to your target's web server.
Navigate to the file with your preferred web browser.
Check the simple PHP web shell based on HTTP POST request.
Check the simple PHP web shell based on HTTP GET request. You must URL encode your commands.
Check the simple PHP web shell v2 based on HTTP GET request. You must URL encode your commands.
Find out more about PHP obfuscation techniques for older versions of PHP at lcatro/PHP-WebShell-Bypass-WAF. Credits to the author!
Check the minified scripts in /src/minified/ directory.
Set Up a Listener
To set up a listener, open your preferred console on Kali Linux and run one of the examples below.
Set up an ncat
listener:
Set up a multi/handler
module:
Last updated