A terminal based web shell controller

Related tags

Security related resourcesshell-hack
Overview

shell-hack

Tribute to Chinese ant sword;

A Powerful terminal based webshell controller;

Usage :

Usage : 
        python3 shell-hack.py --url [URL] --way [METHOD] --pwd[AUTH]
        python3 shell-hack.py --shell create --pwd [AUTH]
        (Generate kill free webshell)
Example : 
        python3 shell-hack.py --url http://challenge-d1e1be944a48fd8c.sandbox.ctfhub.com:10800/backdoor/ --way post --pwd ant
Author : 
        s1mple-SUer QQ:3513582223 Wei:w_s1mple
        
If you have connected to webshell:
===>get info(get the information from server)
===>bypass(see the bypass ways)
===>readfile(read the file from server)
===>downfile(download file from server)
===>reshell(Have a rebound shell)
===>portscan(scan the port from server)
===>mysql(connect to the mysql and Execute SQL code)

Installation:

git clone https://github.com/s1mple-top/shell-hack
cd shell-hack
python3 shell-hack.py

Compatibility :

Enviroment :
    Attacker :
        Linux;macos;windows;Unix-like
        python3(My Python version 3.8.2)
    Attacked server:The best state is linux or unix-like; there will be some restrictions under windows

Realize function

1. Generate a kill free shell; (it is not ruled out that some cannot be exceeded. 2. Automatically bypass the restrictions according to the system restrictions to read files; 3. Obtain probe execution commands; 4. Automatically spy and automatically select available functions for execution; 5. Database connection operation; 6. Obtain sensitive information on the server; 7. One click rebound shell; 8. Download files; 9. Scan ports; 10. Bypass deep-seated disable_functions

Operation effect diagram:

Effect drawing of initial operation:

4lWEt0.png

Connection success effect:

4lWs4P.png

bypass some disable_functions:(Full automatic bypass)

4l4ujS.png

Connect to the mysql:

4lTS5d.png

reshell:

4lHQBT.png

Contributors:

s1mple from SU;

remarks:

Tools are always tools, which will have some limitations; If you want to better learn security knowledge, you need to understand the vulnerability principle and trigger mechanism; Tools are only used by the supplier; Should not rely on;

importance:

Note that this script is not for the services enabled by phpstudy, because the local php environment is required to get the version at the beginning, otherwise an error will be reported; The phpstudy cannot use the local terminal to execute php -v;Fortunately, almost no problem or actual environment runs on phpstudy;In addition, this script is somewhat limited in its function under windows

Owner
s1mple
s1mple
GitHub Repository
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Discord Region Swapping Exploit (VC Overload)

Discord-VC-Exploit Discord Region Swapping Exploit (VC Overload) aka VC Crasher How does this work? Discord has multiple servers that lets people arou

Rainn 11 Sep 10, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
Port scanner tool with easy installation

ort scanner tool with easy installation! Python programming language is used and The text in the program is Georgian 3

2 Mar 24, 2022
CVE-2021-36798 Exp: Cobalt Strike < 4.4 Dos

A denial of service (DoS) vulnerability (CVE-2021-36798) was found in Cobalt Strike. The vulnerability was fixed in the scope of the 4.4 release. More

104 Nov 09, 2022
"Video Moment Retrieval from Text Queries via Single Frame Annotation" in SIGIR 2022.

ViGA: Video moment retrieval via Glance Annotation This is the official repository of the paper "Video Moment Retrieval from Text Queries via Single F

Ran Cui 38 Dec 31, 2022
A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

2 Nov 09, 2022
Uncover the full name of a target on Linkedin.

Revealin Uncover the full name of a target on Linkedin. It's just a little PoC exploiting a design flaw. Useful for OSINT. Screenshot Usage $ git clon

mxrch 129 Dec 21, 2022
the swiss army knife in the hash field. fast, reliable and easy to use

hexxus Hexxus is a fast hash cracking tool which checks more than 30 thousand passwords in under 4 seconds and can crack the following types bcrypt sh

enigma146 17 Apr 05, 2022
Phishing-Crack tools to punish friends

Phishing-Crack Phishing Tool Version 1.0.0 Created By temirovazat A Phishing Tool With PHP and Python3 Features Fake Instagram Phishing Page Fake Face

3 Oct 04, 2022
CVE 2020-14871 Solaris exploit

CVE 2020-14871 Solaris exploit This is a basic ROP based exploit for CVE 2020-14871. CVE 2020-14871 is a vulnerability in Sun Solaris systems. The act

Robin Massink 2 Oct 25, 2022
Python program that generates secure passwords.

Python program that generates secure passwords. The user has the option to select the length of the password, amount of passwords,

4 Dec 07, 2021
Provides script to download and format public IP lists related to the Log4j exploit.

Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.

Gianluca Ulivi 1 Jan 02, 2022
Password List Creator Simple !

Password List Creator Simple !

MR.D3F417 4 Jan 27, 2022
Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's for connected iDevice

FutureHelper Supports macOS and Windows Downloads SEP, Baseband and BuildManifest automatically for signed iOS version's (including beta firmwares) fo

Kasim Hussain 7 Jan 05, 2023
Generate obfuscated meterpreter shells

Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

Fawaz Al-Mutairi 219 Nov 28, 2022
The Multi-Tool Web Vulnerability Scanner.

🟥 RapidScan v1.2 - The Multi-Tool Web Vulnerability Scanner RapidScan has been ported to Python3 i.e. v1.2. The Python2.7 codebase is available on v1

skavngr 1.3k Dec 31, 2022
NFC Implant-base RSA Encrypted Messagging application

Encrypted messaging application with the use of MIFARE DESfire chip to store the private/public keys needed for the application authentication

4 Nov 06, 2021
Gitlab RCE - Remote Code Execution

Gitlab RCE - Remote Code Execution RCE for old gitlab version = 11.4.7 & 12.4.0-12.8.1 LFI for old gitlab versions 10.4 - 12.8.1 This is an exploit f

153 Nov 09, 2022
A curated list of amazingly awesome Cybersecurity datasets

A curated list of amazingly awesome Cybersecurity datasets

758 Dec 28, 2022