https://github.com/bismuthsalamander/phpstachio

Encrypted PHP web shell
https://github.com/bismuthsalamander/phpstachio

Last synced: about 1 month ago
JSON representation

Encrypted PHP web shell

Host: GitHub
URL: https://github.com/bismuthsalamander/phpstachio
Owner: bismuthsalamander
Created: 2019-08-08T16:20:45.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-08-08T17:04:31.000Z (over 5 years ago)
Last Synced: 2025-01-21T04:41:36.694Z (3 months ago)
Language: PHP
Size: 4.88 KB
Stars: 3
Watchers: 1
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# PHPstachio
Encrypted PHP web shell generator. Requires openssl on the machine that generates the shell and on the target machine. Tested on Win64 and Kali.

Usage:

```
git clone https://github.com/bismuthsalamander/PHPstachio/
cd PHPstachio
php generate.php #enter password when asked
#copy web shell to target web server, visit page in browser and type password
```

The web shell is encrypted using AES-256 in CTR mode. The encryption key is derived from your password and a random salt.

It's inconvenient for the user to retype their password on every request, but it's a bit dangerous to send the password back to the browser in an `` element. Therefore, the password is stored in the browser in sessionStorage and automatically populated into the form when the web shell is rendered.

Possible to-dos include adding some more obfuscation to the final shell and supporting file downloads over HTTP (i.e., built-in wget).

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/bismuthsalamander/phpstachio

Awesome Lists containing this project

README