{"id":13777725,"url":"https://github.com/whitewinterwolf/wwwolf-php-webshell","last_synced_at":"2025-05-11T11:34:06.945Z","repository":{"id":50608835,"uuid":"79653761","full_name":"WhiteWinterWolf/wwwolf-php-webshell","owner":"WhiteWinterWolf","description":"WhiteWinterWolf's PHP web shell","archived":false,"fork":false,"pushed_at":"2017-12-02T21:48:00.000Z","size":64,"stargazers_count":563,"open_issues_count":0,"forks_count":153,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-08-03T18:11:54.970Z","etag":null,"topics":["offsec","pentesting","php","unix","webapp","windows"],"latest_commit_sha":null,"homepage":"https://www.whitewinterwolf.com/tags/php-webshell/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WhiteWinterWolf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-01-21T15:25:14.000Z","updated_at":"2024-08-01T19:41:31.000Z","dependencies_parsed_at":"2022-08-25T15:50:29.430Z","dependency_job_id":null,"html_url":"https://github.com/WhiteWinterWolf/wwwolf-php-webshell","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WhiteWinterWolf%2Fwwwolf-php-webshell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WhiteWinterWolf%2Fwwwolf-php-webshell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WhiteWinterWolf%2Fwwwolf-php-webshell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WhiteWinterWolf%2Fwwwolf-php-webshell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WhiteWinterWolf","download_url":"https://codeload.github.com/WhiteWinterWolf/wwwolf-php-webshell/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225043191,"owners_count":17411948,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["offsec","pentesting","php","unix","webapp","windows"],"created_at":"2024-08-03T18:00:47.751Z","updated_at":"2024-11-17T13:31:05.561Z","avatar_url":"https://github.com/WhiteWinterWolf.png","language":"PHP","readme":"# wwwolf's PHP web shell\n\nI frequently encountered issues when using other web shells:\n\n* They use new PHP syntax features not compatible with the old PHP version\n  running on some targets.\n* They make wrong assumption on the remote URL, breaking PHP code injection or\n  GET parameters (un)expected by the server.\n* They often only display standard output content, throwing away stderr.\n* They poorly handle special characters in output display (such as `\u003c`).\n* They do not allow file upload, or offer a method unsupported/blocked by the\n  target's settings.\n* They require manual modification depending whether the target is running\n  a UNIX-like or a Windows system.\n\nHere is my attempt to solve these issues. As opposed to some other solutions,\nthis one does not even barely aim to become a *\"full-featured \npost-exploitation framework\"*. It's only goal is to provide a stable and\nreliable way to get a foot in the door on the target by adhering to the KISS\nprinciple as much as possible and staying generic enough to let you build what\nyou want from there without getting in your way.\n\n![WhiteWinterWolf's PHP web shell screenshot](screenshot.png)\n\n*WhiteWinterWolf's PHP web shell*:\n\n- Access can be **password protected**.\n- Is compatible with both **UNIX-like and Windows systems with no modification**.\n- Attempts to clear PHP output buffer (ie. drop any \"garbage\" code already\n  produced by the attacked application) and enforce PHP code execution\n  termination to provide the most **clean and stable behavior**.\n- The form is **submitted as a POST requests** keeping the exact same URL (including\n  the exact same GET parameters, nothing added or removed) which has been used\n  to access it in the first place. **No assumption is made**, making it suitable\n  for twisted code injection techniques. Moreover the remote server may not\n  log POST data, and thus may not log the actual commands execute on the target.\n- **Sensible default values** are applied:\n  - The current working directory is set to the actual current working\n    directory. This has the added advantage of easily telling you the remote\n    system-type (`/var/www/html` vs. `C:\\Inetpub\\wwwroot`).\n  - The fetch source host is set to your IP address as seen from the targeted\n    server.\n- You can freely **set the working directory** and the value is kept among commands.\n  A specific warning message is displayed in case PHP's `open_basedir` setting\n  may limit your ability to move throughout the server.\n- There is **two different ways to upload files** to your targets:\n  - A classical upload form if the remote PHP settings allows it.\n  - Fetch the file from a given host and URL (usually a host controlled by the\n    attacker). This feature implement a *very* basic HTTP fetch functionality\n    allowing to circumvent PHP's `url_allow_fopen` setting limitation. It does\n    not handle fancy things like HTTP redirection or authentication, but *may*\n    still handle SSL/TLS by prepending the hostname accordingly\n    (`tls://203.0.113.37`).\n- A link `Clear cmd` allows to **clear and set the focus on the command input\n  form field in a single click**. I find it convenient to quickly execute a few\n  arbitrary commands on the server but this feature relies on JavaScript. If\n  you want to avoid JavaScript you can remove this single-line, this will not\n  affect the rest of the web shell which does not use JavaScript anywhere else.\n\nThis script applies the form settings in the given order:\n\n1. Current working directory.\n2. Files to upload.\n3. Command to execute.\n\nThis allows to upload a file in a given directory and immediately execute it in\na single HTTP request.\n\nMore information can be found on the [main project page][].\n\nThis script is provided only for security research and assessment purposes.\nDo not use it for anything illegal!\n\n\n[main project page]: https://www.whitewinterwolf.com/tags/php-webshell/\n\t\"wwwolf's PHP webshell project page\"\n","funding_links":[],"categories":["\u003ca id=\"faa91844951d2c29b7b571c6e8a3eb54\"\u003e\u003c/a\u003e新添加"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitewinterwolf%2Fwwwolf-php-webshell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwhitewinterwolf%2Fwwwolf-php-webshell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwhitewinterwolf%2Fwwwolf-php-webshell/lists"}