phpbash

edited November 2017 in Tools

phpbash is a fairly simple script I wrote to help with many of the lab machines. It is a php and javascript-based full-screen shell, which uses the Kali terminal colors in the design. It does not yet work with interactive commands, but it is much more user friendly than dropping a file with <?php echo system($_GET['cmd']); ?> on a target and running commands one at a time. It is especially useful for gaining access to machines that prevent typical reverse shells from running.

Github: https://github.com/Arrexel/phpbash

phpbash

phpbash

Arrexel

Comments

  • Beautiful piece of work @Arrexel
    Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

    Hack The Box

  • @eks said:
    Beautiful piece of work @Arrexel
    Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

    I second this statement.

    Awesome work in the meantime though. Thanks for the contribution!

    likwidsec

  • edited December 2017

    @eks said:
    Beautiful piece of work @Arrexel
    Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

    It's already on the to-do list ;) might add it tonight if I have time

    Added

    Arrexel

  • Why doesnt nc/netcat work in phpbash? Or should it?

    Hack The Box

  • edited December 2017

    @shiva108 said:
    Why doesnt nc/netcat work in phpbash? Or should it?

    It seems to work for me.
    Maybe its the netcat from openbsd package without the -e option (you will find ways around it) or your target has firewall rules to prevent a reverse / bind shell.

    ms1028

  • Awesome work Arrexel!

    Hack The Box

  • this is great. Thanks

  • Awesome!
    Thanks

  • Just added an upload command (which opens the file selection dialog).

    phpbash now properly escapes console output, so cat'ing html/php files no longer causes code execution.

    Further improved directory navigation. cd - now goes to previous directory, and cd with no arguments goes to the default shell directory.

    Arrexel

  • Wow @Arrexel, this script is awesome!! Very nicely written code. I enjoyed reading :)

  • Awesome sauce good sir!

    Apologies to the small mass of folks who have wrote to me over the last 3-4 months. I've been on hiatus from HTB until very recently.

    Imagel

  • Awesome tool! Especially with the new update. Definitely beats changing a GET variable everytime I want to run a new command.

    By the way, did you make Bashed just to advertise this?

    berninator
    Out of practice OSCP

  • @berninator said:
    Awesome tool! Especially with the new update. Definitely beats changing a GET variable everytime I want to run a new command.

    By the way, did you make Bashed just to advertise this?

    Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

    Arrexel

  • @Arrexel said:
    Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

    Haha at least it wasn't a production server. Then again, I could imagine something like that happening in the real world.

    And we definitely need a some more easy boxes. Everyone wants to be the one to show off their super niche stego or enumeration technique on their boxes. But I'm sure our newer members would appreciate some more straight forward challenges.

    berninator
    Out of practice OSCP

  • @berninator said:

    @Arrexel said:
    Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

    Haha at least it wasn't a production server. Then again, I could imagine something like that happening in the real world.

    And we definitely need a some more easy boxes. Everyone wants to be the one to show off their super niche stego or enumeration technique on their boxes. But I'm sure our newer members would appreciate some more straight forward challenges.

    Yes please!

  • Actually a great idea for a script. I was thinking today about thinking is it possible to script a console/shell that you can embed in a website.

  • Yea, it is a cool idea and phpbash is a nice implementation of this idea. Similar shells are available for other technologies too, for example I used this for one Windows machine here: https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx

    These can be quite handy.

    And I agree that this is a nice "vulnerability" on a beginner machine. Easy way to get started when you have no idea what you are doing.

    lokori

  • edited July 31

    Works really nice man. It chews up long commands just fine. Great work!

    I haven't really looked into the sourcecode too deep, but you may have a quick answer to it:
    There are two things I'm wondering about. Here's two usecases, just type the commands in the shell:

    ** 2> /dev/null **

    find / -iname whatever 2> /dev/null

    Note the '2> /dev/null' got lost along the way. Which makes using a find function a bit harder, having to pipe it into grep

    ** small ease of use **

    I guess it would be handy if a key is pressed, the cursor/output goes to the inputbox, not the output screen.

    --

    small odd thing, but doesn't matter too much, it's just a bit unexpected:
    test="some"
    echo $test

    Note it doesn't output anything. You have any idea why that wouldn't work?

    --

    Anyway, these are not intended as feature requests, unless you see value in them yourself. I might add them myself one day if you'd rather not.

    The shell is really helpful as it is. Thank you for the work and for sharing it with us.

Sign In to comment.