https://github.com/nil0x42/phpsploit

Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor
advanced-persistent-threat backdoor blackhat c2 command-and-control hacking hacking-framework hacktool persistence php-backdoor php-webshell php-webshell-backdoor post-exploitation privilege-escalation redteam stealth web-hacking webshell

Full-featured C2 framework which silently persists on
webserver via polymorphic PHP oneliner

Created by nil0x42 and contributors


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



#### Overview

The obfuscated communication is carried in the HTTP headers of
standard client requests and the web server's corresponding responses,
tunneled through a tiny **polymorphic backdoor**:

```php

```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#### Quick Start

```sh
git clone https://github.com/nil0x42/phpsploit
cd phpsploit/
pip3 install -r requirements.txt
./phpsploit --interactive --eval "help help"
```

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#### Features

- **Efficient**: More than 20 plugins to automate privilege-escalation tasks
  - Run commands and browse filesystem, bypassing PHP security restrictions
  - Upload/Download files between client and target
  - Edit remote files through local text editor
  - Run SQL console on target system
  - Spawn reverse TCP shells

- **Stealth**: The framework is made by paranoids, for paranoids
  - Nearly invisible by log analysis and NIDS signature detection
  - Safe-mode and common _PHP security restrictions bypass_
  - Communications are hidden in HTTP Headers
  - Loaded payloads are obfuscated to _bypass NIDS_
  - http/https/socks4/socks5 **Proxy support**

- **Convenient**: A robust interface with many crucial features
  - Detailed help for any option (`help` command)
  - _Cross-platform_ on both client and server
  - CLI supports auto-completion & multi-command
  - Session saving/loading feature & persistent history
  - Multi-request support for large payloads (such as uploads)
  - Provides a powerful, highly configurable settings engine
  - Each setting, such as user-agent, has a _polymorphic mode_
  - Customisable environment variables for plugin interaction
  - Provides a complete plugin development API

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

#### Supported platforms (as attacker):

- GNU/Linux
- Mac OS X

#### Supported platforms (as target):

- GNU/Linux
- BSD-like
- Mac OS X
- Windows NT

## Contributors

Thanks go to these wonderful people:



- nil0x42 💻 🚇 🔌 ⚠️
- shiney-wh 💻 🔌
- Wannes Rombouts 💻 🚧
- Amine Ben Asker 💻 🚧
- jose nazario 📖 🐛
- Sujit Ghosal 📝
- Zerdoumi 🐛
- tristandostaler 🐛
- Rohan Tarai 🐛
- Jonas Lejon 📝

This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind are welcome.