Latest articles in ‘Php-webshell’

  1. wwwolf’s PHP webshell user’s guide

    Published: Sat 02 December 2017 in Projects.
    wwwolf’s PHP webshell is a PHP web shell striving to abide by the KISS principle. Discover its features and how to use webshells in general.

    Web shells are backdoors that rely on server-side scripting languages to be executed by the targeted server and are usually accessed through a browser. While focused on wwwolf’s PHP webshell features, some parts of this post are general and can be applied to other webshells as well.

    While some web shells attempt to provide the most complete post-exploitation framework possible, and are therefore heavy and prone to bugs and incompatibilities, wwwolf’s PHP webshell considers the web shell as a transitional step in taking over a server.

    wwwolf’s PHP webshell focuses on the functionalities necessary to do:

    • Local enumeration to discover the target’s environment and choose your next step.
    • Payload and toolkit file transfer and execution, to proceed with your next step.

    It tries its best to:

    • Be unobtrusive, with a simple yet efficient interface.
    • Be reliable, being as tolerant as possible regarding the target’s environment and …

  2. wwwolf’s PHP webshell is now available

    Published: Sat 21 January 2017 in Projects.
    Updated: Sat 02 December 2017 (Added the password feature + link to project page.)
    Discover wwwolf's PHP webshell, a lightweight off-road PHP web shell!

    I frequently encountered issues when using other web shells:

    • They use new PHP syntax features not compatible with the old PHP version running on some targets.
    • They make wrong assumptions about the remote URL, breaking PHP code injection or GET parameters (un)expected by the server.
    • They often only display standard output content, throwing away stderr.
    • They poorly handle special characters in output display (such as <).
    • They do not allow file upload, or offer a method unsupported/blocked by the target’s settings.
    • They require manual modification depending on whether the target is running a UNIX-like or a Windows system.

    Here is my attempt to solve these issues. As opposed to some other solutions, this one does not even barely aim to become a “full-featured post-exploitation framework”. Its only goal is to provide a stable and reliable way to get a foot in the door on the target by …
