albedo
Yo dawg I heard you love End-to-End Encryption.
description
End-to-End Encrypted webshell for lulz and annoyance.
Implementated with Cryptopost class from the following reference package:
https://www.phpclasses.org/package/9912-PHP-Encrypt-and-decrypt-forms-with-AES-and-RSA.html
Full description is available above.
Simple PHP webshell that uses the system function to execute command, taken from:
webshells/php/simple-backdoor.php in Kali.
misc
Inspired from projects that has E2EE implementation for financial instituitions that have to abide to some regulations (Singapore MAS).
usage
- Find a vulnerable server that has an exploitable file upload feature
- Upload the PHP backdoor
- Enjoy your encrypted POST request webshell
to-do list
- Add pictures to h2ck3r-m1ze it
- Add authentication to the backdoor
- Add obfuscation on the PHP code
- Clean up unnecessary JavaScript code
- openssl.cnf file to be in a PHP variable instead of writing to /tmp folder
- Add jsp support