This is a simple Post-exploitation PHP Exec Shell that I wish to expand upon. It is only text, no images, or pulled scripts, etc. Just one single file. I have added support for traversing directories that are listed by ls commands and even cat for files listed. This shell comes with WEAKERTHAN Linux 6+

Here is a screenshot of the interface with a simple ls command on an exploited server. Click on the image to view it full sized.

Here is a screenshot of simple file contents. Click on the image to view it full sized.

And here is what the file looks like when the user clicks "Download File". Click on the image to view it full sized.


A screenshot showing how to access the ARIN query that is generated using PHP. Click on the image to view it full sized.


A screenshot showing how to access the Exploit-DB query that is generated using PHP. Click on the image to view it full sized.


A screenshot showing off the PHP generaqted link for the Google "site:<target>" search. Click on the image to view it full sized.

• Detailed Server information with each request in the top right-hand div
• Translation of HTML characters, to display strings exactly as they are in the file
• Traverse directories by simply clicking on the magnifying glass icons
• Show file contents by simply clicking on the cat icons
• HTTP POST method for passing commands to slightly obfuscate the attackers commands from logs
• Commands can be typed into the shell at the bottom of the application / listed above output in highlight
• Download the file without making another call to the server
• Choose method of PHP execution from the functions exec(), shell_exec(), passthru(), and system()
• (OSINT) ARIN WHOIS lookup
• Exploit-DB exploit Search
• Email for server administrator
• Google "site:<target>" link generated with PHP

• Mobile responsive CSS design
• Add more methods of execution (PHP, exec, system, passthru, etc)
• Add more viewing functionality
• Add local SQL (HTML5) functionality
• Download functionality using PHP
• Upload functionality using PHP
• Built-Ins (OSINT)

Once a web service has been exploited simply upload the shell, by means of internal (wget/fetch), SQL Injection, etc and then simply access it from the browser. Your shell will have whatever rights that the web service deamon is running as.