22 lines
938 B
Markdown
22 lines
938 B
Markdown
> Moved to https://github.com/z0noxz/mando.me
|
|
|
|
***
|
|
|
|
# smplshllctrlr
|
|
PHP Command Injection exploitation tool
|
|
|
|
1. Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).
|
|
2. Execute the controller to exploit the command injection vulnerability.
|
|
The controller is simply a command injection exploitation tool, and can therefore with a few adjustments be rewritten to exploit allready existing vulnerabilities without the need for uploading the 'simple-shell.php'.
|
|
|
|
### Featuers (so far)
|
|
1. File upload
|
|
2. File download
|
|
3. Normal terminal commands (excluding prompts e.g. password)
|
|
4. Meterpreter reverse shell injection
|
|
|
|
### DISCLAIMER:
|
|
You shall not misuse this tool to gain unauthorized access.
|
|
This tool should only be used to expand knowledge, and not for causing malicious or damaging attacks.
|
|
Performing any attacks without written permission from the owner of the system is illegal.
|