Search the Community

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Features Efficient: More than 20 plugins to automate post-exploitation tasks Run commands and browse filesystem, bypassing PHP security restrictions Upload/Download files between client and target Edit remote files through local text editor Run SQL console on target system Spawn reverse TCP shells Stealth: The framework is made by paranoids, for paranoids Nearly invisible by log analysis and NIDS signature detection Safe-mode and common PHP security restrictions bypass Communications are hidden in HTTP Headers Loaded payloads are obfuscated to bypass NIDS http/https/socks4/socks5 Proxy support Convenient: A robust interface with many crucial features Detailed help for any command or option (type help) Cross-platform on both the client and the server. Powerful interface with completion and multi-command support Session saving/loading feature & persistent history Multi-request support for large payloads (such as uploads) Provides a powerful, highly configurable settings engine Each setting, such as user-agent has a polymorphic mode Customisable environment variables for plugin interaction Provides a complete plugin development API Changelog v3.1 Implemented enhancements: Make warning message explicit when running plugin in non-connected mode #74 Show stack trace when VERBOSITY is True #73 get help for CMD when calling help CMD ARG #70 unexpected infinite autocompletion #68 help set \<VAR\>: display buffer type description #67 set should inform user that help set \<VAR\> is available #62 alias \<VAR\> None misses verbosity #59 Missing help set \<SETTING\> autocompletion #56 env: Confusing error message before exploited context #53 ./deps/ folder is archaic #41 Fixed bugs: phpsploit is not working properly #128 suidroot plugin makes invalid assumptions #105 crash: IndexError: list index out of range #101 lrun command always returns 0 #83 core.tunnel.exceptions.ResponseError: Php runtime error #81 core: read non-tty STDIN line-by-line #75 term colors: buggy message display #72 corectl display-http-requests: invalid log on POST method #65 alias can override existing command #60 isolate\_readline\_context\(\) don’t isolates readline history #54 Closed issues: Scripting support #138 add jonas lejon as contributor for his blog post #137 corectl display-http-requests not working when PROXY is set #135 I’m sure i set the backdoor file,but i can’t get windows shell again #120 a window shell trate mysql data #119 Doubt about the socks proxy5 #114 INSTALL.md should have install instructions #106 Add contributors list on README #88 help \<PLUGIN\> lacks plugin informations #85 ux: show missing dependency warnings at start #80 [hide][Hidden Content]]