changelog Version 2.3.0 (IN DEVELOPMENT):
+ Fix issue #9 (small bug in api.payload.Payload())
+ lrun command is now able to change PWD (issue #10)
+ Remove deprecated lcd and lpwd commands.
+ Fix some small bugs and documentation misspellings.
+ Fix issue #6 (*_proxy env var handling through http tunnel).
+ All settings can now be reset with set <VAR> %%DEFAULT%%
+ Add full backward compatibility with older phpsploit session files.
+ Fix issue #1 (the ls plugin exits at the first invalid path)
+ Fix no existing file in datatypes/Path
+ Fix issue #5: add a '--browser' option to the phpinfo plugin for HTML display.
Version 2.2.0b (2014-08-09):
+ Rewrote the whole PhpSploit framework in Python 3 with a new skeleton.
+ system has been renamed to run.
+ Add corectl command, which includes some core debugging utils.
+ TEXTEDITOR setting has been renamed to EDITOR.
+ WEBBROWSER setting has been renamed to BROWSER.
+ The infect command has been removed, its role is now taken by exploit.
+ The new session command now manages the old load and save commands.
+ The set command now supplies a new keyword (“+”) for line appending.
+ Any setting now supports random choice from multiple values through the set command's new + keyword, which uses the SettingVar class as a data wrapper.
+ The eval command has been replaced by source, which is more restrictive.
+ The lastcmd command has been replaced by backlog, which is simpler.
+ The phpsploit source code has moved to ./src/ directory.
+ Plugins path is now available at root directory.
+ User plugins can now overwrite core plugins (~/.phpsploit/plugins/)
PhpSploit is a remote control framework that aims to provide a stealthy, interactive, shell-like connection over HTTP between a client and a web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.
–Efficient: More than 20 plugins to automate post-exploitation tasks
+ Run commands and browse filesystem, bypassing PHP security restrictions
+ Upload/Download files between client and target
+ Edit remote files through local text editor
+ Run SQL console on target system
+ Spawn reverse TCP shells
–Stealth: The framework is made by paranoids, for paranoids
+ Nearly invisible by log analysis and NIDS signature detection
+ Safe-mode and common PHP security restrictions bypass
+ Communications are hidden in HTTP Headers
+ Loaded payloads are obfuscated to bypass NIDS
+ http/https/socks4/socks5 Proxy support
–Convenient: A robust interface with many crucial features
+ Cross-platform on both the client and the server.
+ Powerful interface with completion and multi-command support
+ Session saving/loading feature, with persistent history
+ Multi-request support for large payloads (such as uploads)
+ Provides a powerful, highly configurable settings engine
+ Each setting, such as user-agent, has a polymorphic mode
+ Customisable environment variables for plugin interaction
+ Provides a complete plugin development API
installation & usage:
git clone https://github.com/nil0x42/phpsploit && cd phpsploit