Latest articles in ‘Projects’

  1. wwwolf’s PHP webshell user’s guide

    Published: Sat 02 December 2017 in Projects.
    wwwolf’s PHP webshell is a PHP web shell striving to abide by the KISS principle. Discover its features and how to use webshells in general.

    Web shells are backdoors relying on server-side scripting languages to be executed by the targeted server and usually accessed through a browser. While focused on wwwolf’s PHP webshell features, some part of this post are general and can be applied to other other webshells as well.

    While some web shells attempt to provide the most complete post-exploitation frameworkas possible, and are therefore heavy and prone to bugs and incompatibilities, wwwolf’s PHP webshell considers the web shell as a transitional step in taking over a server.

    wwwolf’s PHP webshell focuses on the functionalities necessary to do:

    • Local enumeration to discover the target’s environment and choose your next step.
    • Payloads and toolkits files transfer and execution, to proceed with your next step.

    It tries its best to:

    • Be unobtrusive, with a simple yet efficient interface.
    • Be reliable, being as tolerant as possible regarding the target’s environment and …

  2. is now available

    Published: Wed 25 October 2017 in Projects. is a MAC address table overflow utility.

    The traditional tool for MAC table overflow attacks is macof from the dsniff project. However I was not satisfied with this tool.

    In particular:

    • macof has no rate limit mechanism, it sends the packets as fast as the local CPU and the network adapter can support it.

      This leaves no room for a proper interception of users data.

    • Half of the packets generated by macof violates the Ethernet protocol by having the multicast bit set on the sender’s MAC address.

      As a result, these packets are considered corrupted and silently dropped by the first encountered switch.

      In other words, half of the packets generated by macof are generated for nothing.

    • macof constantly uses random MAC addresses for generated packets, meaning that a given source MAC address is rarely used more than once.

      This means that switches’ MAC table aging system …

  3. vmtools guided tour, part 2: manage virtual machines

    Published: Thu 21 September 2017 in Projects.
    Learn hos to fork, merge, and otherwise manipulate and diagnose vmtools virtual machines.

    Still with me? In this second part of the vmtools guided tour (read the first part first!), we will now enter in the core of the subject and learn how to manage virtual machines, and in particular how virtual machines forks and merges work.

    As before, if anything seems unclear or would warrant more explanation, feel free to contact me.

    Use vmcreate to create virtual machines

    Create a virtual machine from an installation ISO image

    vmup is useful to boot a virtual disk image, but it doesn’t save the virtual machine settings and does not provide access to vmtools more advanced features.

    In vmtools, a virtual machine is a standard directory gathering a few files. To create a new virtual machine, the most common way is to provide the path to the ISO image of an installation disk and the name of a new directory to create:

    user@host …

  4. vmtools guided tour, part 1: introduction and basic usage

    Published: Mon 18 September 2017 in Projects.
    Install vmtools and use vmup to boot disk image files.

    This the first of a short series of posts introducing vmtools main features. We will start in a gentle way by focusing on a single but central command: vmup.

    Feel free to contact me if anything seems unclear or would warrant more explanation.

    vmtools installation and uninstallation

    Use the provided script to install vmtools on your system. The default is to install it system-wide:

    sudo sh ./

    To install it as unprivileged user, create a ~/.local directory and use it as installation prefix:

    sh ./ -p ~/.local

    To uninstall vmtools, use the provided script.

    Centralized configuration file

    System-wide settings are stored in the file /etc/vmtools/vmtools.conf, this file is optional and must be manually created.

    This file lets you centrally configure the default settings to apply to all your virtual machines.

    Here is an example file:

    # Use VNC as the default display …

  5. vmtools, a Qemu virtual machines manager, is now available

    Published: Sun 17 September 2017 in Projects.

    vmtools is a Qemu virtual machines manager which strives to be easy, versatile and modular while adhering to the principle of least privileges, to respect users’ freedom and security.

    • Easy: Just vmup anything which can be booted, from a local disk image file to remote URLs including .ova archives and devices files. No complex parameters to set or remember, just boots the damn thing.

      Virtual machine settings are saved in short and clean plain-text files. No XML, no unneeded settings, only the non-default values specific to the virtual machine, easily readable and editable with any text editor.

    • Versatile: Use it how you want, vmtools does as few assumptions as possible. No imposed directory structure, no imposed work-flow.

      Saved virtual machines are standard directories and files which can be moved, copied or renamed at will, but can also be freely forked and merged to match even advanced work-flows.

      vmtools commands offer …

  6. wwwolf’s PHP webshell is now available

    Published: Sat 21 January 2017 in Projects.
    Updated: Sat 02 December 2017 (Added the password feature + link to project page.)
    Discover wwwolf's PHP webshell, a lightweight off-road PHP web shell!

    I frequently encountered issues when using other web shells:

    • They use new PHP syntax features not compatible with the old PHP version running on some targets.
    • They make wrong assumption on the remote URL, breaking PHP code injection or GET parameters (un)expected by the server.
    • They often only display standard output content, throwing away stderr.
    • They poorly handle special characters in output display (such as <).
    • They do not allow file upload, or offer a method unsupported/blocked by the target’s settings.
    • They require manual modification depending whether the target is running a UNIX-like or a Windows system.

    Here is my attempt to solve these issues. As opposed to some other solutions, this one does not even barely aim to become a “full-featured post-exploitation framework”. It’s only goal is to provide a stable and reliable way to get a foot in the door on the target by …

Popular tags see all