Search the Community

Showing results for tags 'shell'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
  • Security & Anonymity
  • Operating Systems | Hardware | Programs
  • Graphic Design
  • vBCms Comments
  • live stream tv
  • Marketplace
  • Pentesting Premium
  • Modders Section
  • PRIV8-Section
  • Pentesting Zone PRIV8
  • Carding Zone PRIV8
  • Recycle Bin

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

Found 134 results

  1. Evil-WinRM This shell is the ultimate WinRM shell for hacking/pentesting. WinRM (Windows Remote Management) is the Microsoft implementation of the WS-Management Protocol. A standard SOAP-based protocol that allows hardware and operating systems from different vendors to interoperate. Microsoft included it in their Operating Systems in order to make life easier to system administrators. This program can be used on any Microsoft Windows Servers with this feature enabled (usually at port 5985), of course only if you have credentials and permissions to use it. So we can say that it could be used in a post-exploitation hacking/pentesting phase. The purpose of this program is to provide nice and easy-to-use features for hacking. It can be used with legitimate purposes by system administrators as well but most of its features are focused on hacking/pentesting stuff. Features Command History WinRM command completion Local files completion Upload and download files List remote machine services FullLanguage Powershell language mode Load Powershell scripts Load in memory dll files bypassing some AVs Load in memory C# (C Sharp) compiled exe files bypassing some AVs Colorization on output messages (can be disabled optionally) Changelog v3.0 Remote files/directories autocomplete feature (Thanks to arale61) Added option to log commands and outputs to a log file (Thanks to Borch Cañavate) [hide][Hidden Content]]
  2. YAPS – Yet Another PHP Shell As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control it via a simple netcat listener (nc -lp 1337). In the current version, its main functions support only Linux systems, but I’m planning to make it work with Windows too. Features Single PHP file (no need to install packages, libs, or download tons of files) Works with netcat, ncat, socat, multi/handler, almost any listener Customizable password protection No logs in .bash_history Can do some enumeration Network info (interfaces, iptables rules, active ports) User info List SUID and GUID files Search for SSH keys (public and private) List crontab List writable PHP files Auto download LinPEAS, LinEnum, or Linux Exploit Suggester Write and run PHP code on a remote host (Semi) Stabilize shell Cons Connection isn’t encrypted (yet) (nc does not support SSL) Not fully interactive (although you can spawn an interactive shell with !stabilize) CTRL+C breaks it; can’t use arrows to navigate (unless you use rlwrap nc -lp <ip> <port>) [hide][Hidden Content]]
  3. itsMe

    PHP Reverse Shell

    Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works on Linux OS and macOS with /bin/sh and Windows OS with cmd.exe. Script will automatically detect an underlying OS. Works with both ncat and multi/handler. Tested on XAMPP for Linux v7.3.19 (64-bit) with PHP v7.3.19 on Kali Linux v2020.2 (64-bit). Tested on XAMPP for OS X v7.4.10 (64-bit) with PHP v7.4.10 on macOS Catalina v10.15.6 (64-bit). Tested on XAMPP for Windows v7.4.3 (64-bit) with PHP v7.4.3 on Windows 10 Enterprise OS (64-bit). In addition, everything was tested on Docker images nouphet/docker-php4 with PHP v4.4.0 and steeze/php52-nginx with PHP v5.2.17. Made for educational purposes. I hope it will help! [hide][Hidden Content]]
  4. Description In this course I will walk you through, how you could build a full working python shell without using IP or PORT forwarding method. Hope you will find useful tips to think outside a box when you always try to build your own program. We use the Simple mail transfer protocol, instead of the SOCKET protocol. I was trying to navigate many of the course published on Udemy but didn’t find a course who use SMPT protocol more than in a keylogger apps. So in this course, I try to take this program to next level, and I build a full script that works even better than what we can build using the SOCKET protocol. Just to list some of them you don’t need to use the IP/Port forwarding method to make your program work outside the local area network. SO you could just use this type of shell outside your network as simple as it is. DISCLAIMER this course is for educational purposes only. SMTP servers are complicated, and if you’re just dipping your toe into the how-email-gets-sent world, it’s easy to feel overwhelmed. To help you navigate your email sending, we’ve put together a list of the most common SMTP server questions we receive, so you’ll be an SMTP expert in no time. What is an SMTP server? An SMTP (Simple Mail Transfer Protocol) server is an application that’s primary purpose is to send, receive, and/or relay outgoing mail between email senders and receivers. An SMTP server will have an address (or addresses) that can be set by the mail client or application that you are using. When you send an email, the SMTP server processes your email, decides which server to send the message to, and relays the message to that server. The recipient’s inbox service provider, such as Gmail or AOL then downloads the message and places it in the recipient’s inbox. You can find more details on SMTP servers on our docs page. Is an SMTP server the same as a normal server? Technically, yes. Like most servers, the SMTP server processes data to send to another server, but it has the very specific purpose of processing data related to the sending, receiving, and relaying of email. An SMTP server is also not necessarily on a machine. It is an application that is constantly running in anticipation of sending new mail. Why are SMTP servers important? Without an SMTP server, your email wouldn’t make it to its destination. Once you hit “send,” your email transforms into a string of code that is then sent to the SMTP server. The SMTP server is able to process that code and pass on the message. If the SMTP server wasn’t there to process the message, it would be lost in translation. Additionally, the SMTP server verifies that the outgoing email is from an active account, acting as the first safeguard in protecting your inbox from illegitimate email. It also will send the email back to the sender if it can’t be delivered. This informs the sender that they have the wrong email address or that their email is being blocked by the receiving server. If you’re looking for more information on SMTP, check out our post, SMTP Service Crash Course. Source (sendgrid/blog/what-is-an-smtp-server/) What we learn on this course? on this course we will build fully functional reverse shell, which could work outside your local area network. what makes this program different from others? on this course we build our reverse shell using SMTP protocol instead of using SOCAT protocol. 2w Who this course is for: Anyone who wants to learn about Ethical hacking and Python programming. What you’ll learn Create reverse shell which could work anywhere in the world WITHOUT using your public IP address or PORT forwarding method. [hide][Hidden Content]]
  5. MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. The new version of MagicRecon has a large number of new tools to automate as much as possible the process of collecting data from a target and searching for vulnerabilities. It also has a menu where the user can select which option he wants to execute. This new version also has the option of "Install dependencies" with which the user can easily install all the tools and dependencies that are needed to run MagicRecon. The script code has been made in a modular way so that any user can modify it to their liking. With MagicRecon you can easily find: Sensitive information disclosure. Missing HTTP headers. Open S3 buckets. Subdomain takeovers. SSL/TLS bugs. Open ports and services. Email spoofing. Endpoints. Directories. Juicy files. Javascript files with senstive info. CORS missconfigurations. Cross-site scripting (XSS). Open Redirect. SQL Injection. Server-side request forgery (SSRF). CRLF Injection. Remote Code Execution (RCE). Other bugs. [hide][Hidden Content]]
  6. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.3.1 1. Fix version error in v1.3.0 2. Make version checking configurable [hide][Hidden Content]]
  7. Platypus A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell Changelog v1.2.9 1. Add `Alias` command which gives a session a human friendly name 2. Solve conflicts on the sessions from the same machine 3. Direct nohup output to /dev/null [hide][Hidden Content]]
  8. ConPtyShell is a Fully Interactive Reverse Shell for Windows systems. The introduction of the Pseudo Console (ConPty) in Windows has improved so much the way Windows handles terminals. ConPtyShell uses this feature to literally transform your bash in a remote powershell. Briefly, it creates a Pseudo Console and attaches 2 pipes. Then it creates the shell process (default powershell.exe) attaching the Pseudo Console with redirected input/output. Then starts 2 Threads for Async I/O: – one thread for reading from the socket and writing to Pseudo Console input pipe; – the second thread for reading from the Pseudo Console output pipe and writing to the socket. ConPtyShell isn’t an “Upgrade to fully interactive” method for your reverse shell, just use it as your reverse shell If you want to know further information regarding ConPty you can find a great article [1] in the references section. NOTE: ConPtyShell uses the function CreatePseudoConsole(). This function is available since Windows 10 / Windows Server 2019 version 1809 (build 10.0.17763). Changelog v1.3 Added Added a magic flag “upgrade” that allows to upgrade the current shell in a fully interactive shell. It uses Socket Hijacking technique to catch the socket used by the shell enhancing it with the ConPty. Changes Changed the usage of the sockets, going from C# sockets to native Winsock [hide][Hidden Content]]
  9. Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server [hide][Hidden Content]]
  10. itsMe

    X-code PHP Shell v0.2

    Remote shell Web Server [hide][Hidden Content]]
  11. itsMe

    NukeShell - Reverse shell

    Features Connection is encrypted using random RSA + AES key Multiple clients support Execute shell commands Download/Upload files Take screenshot Cross platform [hide][Hidden Content]]
  12. itsMe

    Keylogger + Reverse Shell

    Makeing web based Android Keylogger & Android Reverse Shell with netcat configuration. Here is the source code of an android application which is help to hack victim Mobile Shell connection via netcat & capture victim key strokes via http server in one Application. [hide][Hidden Content]]
  13. JSshell – a JavaScript reverse shell. This using to exploit XSS remotely, help to find blind XSS, … This tool works for both Unix and Windows operating system and it can be running with both Python 2 and Python 3. This is a big update of JShell – a tool to get a JavaScript shell with XSS by s0med3v. JSshell also doesn’t require Netcat (different from other javascript shells). New in JSshell version 2.9 Updated in the new version of JShell 2.9: New JSshell command: cookie -> allows to view the cookies of the current user who established the shell Support javascript function: Fixed some bugs [hide][Hidden Content]]
  14. This project is a simple collection of various shellcode injection techniques, aiming to streamline the process of endpoint detection evaluation, besides challenging myself to get into the Golang world. [hide][Hidden Content]]
  15. Features Connection is encrypted using random RSA + AES key Multiple clients support Execute shell commands Download/Upload files Take screenshot Cross platform [hide][Hidden Content]]
  16. HTTP-revshell - Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV. Features SSL Proxy Aware Upload Function Download Function Error Control AMSI bypass Multiple sessions [only server-multisession.py] Autocomplete PowerShell functions (optional) [only server.py] [hide][Hidden Content]]
  17. Can someone help me with tolls to auto upload shell to sites and small guidance on how to do it properly. I also need a tool for ssh cracking/brute force
  18. ShellGen (Shell Generator) This is a simple script that will generate a specific or all shellcodes for CTFs using the VPN IP address on tun0 (the IPv4). INFORMATION Update has been made from sys library to argparse library (done in version 0.8) [hide][Hidden Content]]
  19. USE THIS TOOL ONLY FOR EDUCATIONAL PURPOSE.DONT USE FOR ILLEGAL PURPOSE . THIS TOOL CAN BYPASS MAJORITY OF ANTIVIRUS EVEN WINDOWS DEFENDER CHANGE IP AND PORT IN SHELL GAIN AND LISTENER.PY FILE.PLEASE DONT UPLOAD IN VIRUSTOTAL [HIDE][Hidden Content]]
  20. JSshell - A JavaScript Reverse Shell For Exploiting XSS Remotely Or Finding Blind XSS, Working With Both Unix And Windows OS JSshell - a JavaScript reverse shell. This using for exploit XSS remotely, help to find blind XSS, ... This tool works for both Unix and Windows operating system and it can running with both Python 2 and Python 3. This is a big update of JShell - a tool to get a JavaScript shell with XSS by s0med3v. JSshell also doesn't require Netcat (different from other javascript shells). [HIDE][Hidden Content]]
  21. itsMe

    Jex Bot V5 | Auto Shell Bot

    JEX V5 [PRO] ~All Exploits Re-Coded and added New Firewall bypass methods for GET 100% Results [HIDE] Download: [Hidden Content]]
  22. A modern multiple reverse shell sessions/clients manager via terminal written in go Features Multiple service listening port Multiple client connections RESTful API Reverse shell as a service (Pop a reverse shell without remembering idle commands) Download/Upload file with progress bar Full interactive shell Using vim gracefully in reverse shell Using CTRL+C and CTRL+Z in reverse shell [HIDE][Hidden Content]]
  23. About: Read Folder and File in server and can you edit file or change chmod of file or dir [HIDE][Hidden Content]]
  24. Read the license before using any part from this code Reverse Shell in Shortcut File (.lnk) How it works? Shortcut file (Microsoft Windows 9.x) LNK is a file extension for a shortcut file used by Microsoft Windows to point to an executable file. LNK stands for LiNK. Shortcut files are used as a direct link to an executable file, instead of having to navigate to the executable. LNK files contain some basic properties, such as the path to the executable file and the “Start-In” directory. LNK files use a curled arrow to indicate they are shortcuts, and the file extension is hidden (even after disabling “Hide Extensions for Known File Types” in Windows Explorer). The script creates a .lnk file that points to the user's "cmd.exe" file (located in the default folder C:\Windows\System32\cmd.exe) to run a reverse shell through arguments. Features: Reverse TCP Port Forwarding using Ngrok.io [HIDE][Hidden Content]]
  25. JATAYU Stealthy Stand-Alone PHP Web Shell FEATURES Http Header Based Authentication. 100% Undetectable. Exec Function Changer. Nothing Fancy [HIDE][Hidden Content]]