[homepage]https://github.com/nil0x42/phpsploit[/homepage]
[tags]exploits,backdoor,shell,framework,c2c[/tags]
[short_descr]Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.[/short_descr]
[long_descr]The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor.
Efficient: More than 20 plugins to automate privilege-escalation tasks
Run commands and browse filesystem, bypassing PHP security restrictions
Upload/Download files between client and target
Edit remote files through local text editor
Run SQL console on target system
Spawn reverse TCP shells
Stealth: The framework is made by paranoids, for paranoids
Nearly invisible by log analysis and NIDS signature detection
Safe-mode and common PHP security restrictions bypass
Communications are hidden in HTTP Headers
Loaded payloads are obfuscated to bypass NIDS
http/https/socks4/socks5 Proxy support
Convenient: A robust interface with many crucial features
Detailed help for any option (help command)
Cross-platform on both client and server.
CLI supports auto-completion & multi-command
Session saving/loading feature & persistent history
Multi-request support for large payloads (such as uploads)
Provides a powerful, highly configurable settings engine
Each setting, such as user-agent has a polymorphic mode
Customisable environment variables for plugin interaction
[homepage]https://github.com/nil0x42/phpsploit[/homepage] [tags]exploits,backdoor,shell,framework,c2c[/tags] [short_descr]Full-featured C2 framework which silently persists on webserver with a single-line PHP backdoor.[/short_descr] [long_descr]The obfuscated communication is accomplished using HTTP headers under standard client requests and web server's relative responses, tunneled through a tiny polymorphic backdoor.
Efficient: More than 20 plugins to automate privilege-escalation tasks
Run commands and browse filesystem, bypassing PHP security restrictions
Upload/Download files between client and target
Edit remote files through local text editor
Run SQL console on target system
Spawn reverse TCP shells
Stealth: The framework is made by paranoids, for paranoids
Nearly invisible by log analysis and NIDS signature detection
Safe-mode and common PHP security restrictions bypass
Communications are hidden in HTTP Headers
Loaded payloads are obfuscated to bypass NIDS
http/https/socks4/socks5 Proxy support
Convenient: A robust interface with many crucial features
Detailed help for any option (help command)
Cross-platform on both client and server.
CLI supports auto-completion & multi-command
Session saving/loading feature & persistent history
Multi-request support for large payloads (such as uploads)
Provides a powerful, highly configurable settings engine
Each setting, such as user-agent has a polymorphic mode
Customisable environment variables for plugin interaction
Provides a complete plugin development API[/long_descr] [image]https://raw.githubusercontent.com/gwen001/offsectools_www/main/d239ff67956caa050b67b0130c8a8418.png[/image]