phpbash

awesome

Beautiful piece of work @Arrexel
Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

@eks said:
Beautiful piece of work @Arrexel
Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

I second this statement.

Awesome work in the meantime though. Thanks for the contribution!

@eks said:
Beautiful piece of work @Arrexel
Would be pure awesomeness if you added support for command history with up/down arrows and tab-completion!

It’s already on the to-do list :wink: might add it tonight if I have time

Added

Why doesn't nc/netcat work in phpbash? Or should it?

@shiva108 said:
Why doesn't nc/netcat work in phpbash? Or should it?

It seems to work for me.
Maybe it's the netcat from the OpenBSD package without the -e option (you will find ways around it), or your target has firewall rules to prevent a reverse / bind shell.

Awesome work Arrexel!

this is great. Thanks

Awesome!
Thanks

Just added an upload command (which opens the file selection dialog).

phpbash now properly escapes console output, so cat’ing html/php files no longer causes code execution.
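The class of fix announced in the post above, as an added example (this is not phpbash's own code; the function names and the sample file contents are assumptions constructed for illustration): command output is HTML-escaped before it is placed into the console markup, so file contents are displayed rather than interpreted by the browser.

```javascript
// Added example, not taken from phpbash. All names here are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Single-pass replacement, so an '&' produced by escaping is never escaped again.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": output is concatenated into markup unchanged. Once this string is
// assigned to innerHTML, any tags inside the file become live DOM nodes.
function renderUnsafe(cmd, output) {
  return '<div class="cmd">$ ' + cmd + '</div><pre>' + output + '</pre>';
}

// "After": both the echoed command and its output are escaped first.
// In a browser, assigning the raw text to textContent has the same effect.
function renderSafe(cmd, output) {
  return '<div class="cmd">$ ' + escapeHtml(cmd) + '</div><pre>' +
    escapeHtml(output) + '</pre>';
}

// Reports whether rendered markup still contains a live <script> element.
function hasLiveScript(markup) {
  return /<script\b/i.test(markup);
}

// Constructed sample: what `cat page.php` might return from the server.
const SAMPLE_OUTPUT =
  '<script>document.title = "ran"</script>\n<?php echo "a & b"; ?>';

function demo() {
  return {
    unsafe: hasLiveScript(renderUnsafe('cat page.php', SAMPLE_OUTPUT)),
    safe: hasLiveScript(renderSafe('cat page.php', SAMPLE_OUTPUT)),
  };
}

console.log(demo());
```
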

Further improved directory navigation. cd - now goes to previous directory, and cd with no arguments goes to the default shell directory.

Wow @Arrexel, this script is awesome!! Very nicely written code. I enjoyed reading :slight_smile:

Awesome sauce good sir!

Awesome tool! Especially with the new update. Definitely beats changing a GET variable every time I want to run a new command.

By the way, did you make Bashed just to advertise this?

@berninator said:
Awesome tool! Especially with the new update. Definitely beats changing a GET variable every time I want to run a new command.

By the way, did you make Bashed just to advertise this?

Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

@Arrexel said:
Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

Haha at least it wasn’t a production server. Then again, I could imagine something like that happening in the real world.

And we definitely need some more easy boxes. Everyone wants to be the one to show off their super niche stego or enumeration technique on their boxes. But I’m sure our newer members would appreciate some more straightforward challenges.

@berninator said:

@Arrexel said:
Nope! We needed an easy box so I threw it together fairly quickly, as there were only hard/insane submissions in the queue at the time. I actually got the idea for bashed because I forgot a copy on my development server lol.

Haha at least it wasn’t a production server. Then again, I could imagine something like that happening in the real world.

And we definitely need some more easy boxes. Everyone wants to be the one to show off their super niche stego or enumeration technique on their boxes. But I’m sure our newer members would appreciate some more straightforward challenges.

Yes please!

Actually a great idea for a script. I was thinking today about whether it is possible to script a console/shell that you can embed in a website.

Yea, it is a cool idea and phpbash is a nice implementation of this idea. Similar shells are available for other technologies too, for example I used this for one Windows machine here: webshell/cmd.aspx at master · tennc/webshell · GitHub

These can be quite handy.

And I agree that this is a nice “vulnerability” on a beginner machine. Easy way to get started when you have no idea what you are doing.

Works really nice man. It chews up long commands just fine. Great work!

I haven’t really looked into the source code too deeply, but you may have a quick answer to it:
There are two things I’m wondering about. Here are two use cases, just type the commands in the shell:

**2> /dev/null**

find / -iname whatever 2> /dev/null

Note the ‘2> /dev/null’ got lost along the way. Which makes using a find function a bit harder, having to pipe it into grep.

**small ease of use**

I guess it would be handy if a key is pressed, the cursor/output goes to the inputbox, not the output screen.

Small odd thing, but doesn’t matter too much, it’s just a bit unexpected:
test="some"
echo $test

Note it doesn’t output anything. You have any idea why that wouldn’t work?

Anyway, these are not intended as feature requests, unless you see value in them yourself. I might add them myself one day if you’d rather not.

The shell is really helpful as it is. Thank you for the work and for sharing it with us.

I ended up rewriting this web shell idea as a Burp plugin. If some conditions are met, it will offer tab-completion, command history and persistence… just by leveraging an OS Command injection vulnerability and without the need of uploading a web shell or creating a bind or reverse shell.

Burp Shell Demo

You can find the plugin here:

You can find the article describing its use and principles here: