Skip to content

bismuthsalamander/PHPstachio

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
generate.php
generate.php
 
 
shelltemplate.php
shelltemplate.php
 
 
wrapper.php
wrapper.php
 
 

Repository files navigation

PHPstachio

Encrypted PHP web shell generator. Requires openssl on the machine that generates the shell and on the target machine. Tested on Win64 and Kali.

Usage:

git clone https://github.com/bismuthsalamander/PHPstachio/
cd PHPstachio
php generate.php #enter password when asked
#copy web shell to target web server, visit page in browser and type password

The web shell is encrypted using AES-256 in CTR mode. The encryption key is derived from your password and a random salt.

It's inconvenient for the user to retype their password on every request, but it's a bit dangerous to send the password back to the browser in an <input type="hidden"> element. Therefore, the password is stored in the browser in sessionStorage and automatically populated into the form when the web shell is rendered.

Possible to-dos include adding some more obfuscation to the final shell and supporting file downloads over HTTP (i.e., built-in wget).

About

Encrypted PHP web shell

Resources

Readme
Activity

Stars

4 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages