shellcomm-php: Communicate with a remote shell easily
ShellComm is a simple interactive CLI remote shell communicator. Sometimes, during a pentest, you get to upload a shell but you can’t upload a heavy, complex one for whatever reason. In those situations, you can simply upload the tiniest shell-like
<?php echo system($_GET['cmd']); and use this tool to comfortably communicate with it.
It handles command encoding, http error codes, has cool colors and is very simple. You can also use the tiny version, which is a single file with the same functionalities if you feel more comfortable with that.
Do note that, for the moment, it communicates via GET requests, which are surely being logged at the server. Improvements are welcome, which include:
- Using other methods besides GET, like POST or HEAD maybe.
- Encrypting sent command.
- PHP 5.4+
Note: it has been tested only in Linux (Debian 9).
Download a release, verify its signature and run
php shellcomm.php, or at your preference,
php shellcomm-tiny.php. Run it at your local machine, not at the remote one!.
I’m not to be held responsible for whatever usage you give to this tool.
Also, I sacrifice some programmatic things, like using Composer, to keep it somewhat simple.
Can I hack X with this?
No, you can’t. This is just a tool to establish communications with a shell. How and where to get one is up to you.
Should I upload this to the remote server?
No, this is not a shell, just a tool to establish communications with a shell. Use it on your local machine.
Does it execute automatic exploits or stuff like that?
No, it does absolutely nothing besides sending the command directly to the remote shell. Use your brains, skills and other tools.
ShellComm is made by HacKan.