phpsploit
Stealth post-exploitation framework providing an interactive shell-like connection over HTTP between client and web server. It maintains access to compromised web servers for privilege escalation.
Description
phpsploit is a remote control framework designed for stealthy post-exploitation on compromised web servers. It establishes an interactive shell-like connection over HTTP, ensuring minimal detection while allowing persistent access.
The tool is particularly useful after initial exploitation of a web application, enabling operators to maintain control and escalate privileges without relying on traditional backdoors that might be easily detected.
It supports session management, configuration customization, and non-interactive command execution, making it versatile for automated or scripted post-exploitation tasks.
How It Works
phpsploit operates by creating a stealthy HTTP-based communication channel between the client and a compromised web server. It leverages PHP on the server side to handle commands and responses, using techniques like HTTP tunneling to mimic legitimate web traffic. Dependencies such as python3-phpserialize enable PHP object serialization/deserialization for command execution, while proxies and socks support evasion through network intermediaries.
Installation
sudo apt install phpsploitFlags
Examples
phpsploit -hphpsploit -vphpsploit -c config.iniphpsploit -l session.phpsploitphpsploit -t http://target.com/shell.phpphpsploit -s commands.txtphpsploit -e 'help'phpsploit -t http://target.com/shell.php -i