2017-09-25 18:42 UTC

ID: 0001097
Project: Kali Linux
Category: [All Projects] New Tool Requests
View Status: public
Last Update: 2017-07-18 14:30
Reporter: g0tmi1k
Assigned To: sbrun
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version:
Target Version:
Fixed in Version: 2017.2
Summary: 0001097: b374k 3.2.3 - PHP web shell

Description

Name: b374k shell
Version: 3.2.3
Homepage: https://github.com/b374k/b374k
Download: https://github.com/b374k/b374k/archive/v3.2.3.tar.gz
License: MIT

Description: This PHP Shell is a useful tool for system or web administrators to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser.

Features:
* File manager (view, edit, rename, delete, upload, download, archiver, etc)
* Search file, file content, folder (also using regex)
* Command execution
* Script execution (php, perl, python, ruby, java, node.js, c)
* Give you shell via bind/reverse shell connect
* Simple packet crafter
* Connect to DBMS (mysql, mssql, oracle, sqlite, postgresql, and many more using ODBC or PDO)
* SQL Explorer
* Process list/Task manager
* Send mail with attachment (you can attach local file on server)
* String conversion
* All of that only in 1 file, no installation needed
* Support PHP > 4.3.3 and PHP 5



It also supports customisation, allowing you to re-build with personalised modifications.
Additional Information

There is already a selection of (php) web shells, in /usr/share/webshells/php by default. However, these are very 'simple'.
b374k has various improved features (such as the database support - making it much easier to navigate), as well as other new features (e.g. information gathering, creating other bind/reverse shells, process manager).


Shells like this, such as c99, r57, wso2 web shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because it's:
* Been actively developed,
* There is an 'official homepage',
* It hasn't been modified/encoded to include a 'backdoor',
* The features that it offers (all of which could be used in a CTF, pentest, or remote network admin).
* The features that are 'missing' when compared to other web shells (e.g. there IS NOT an email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest)

Notes

~0006647

g0tmi1k (administrator)

Not sure if to package it as something new, or put it in "/usr/share/webshells/"

~0006827

sbrun (manager)

I packaged it separately in a new package b374k
The version 3.2.3-0kali1 is now in kali-rolling
It's in /usr/share/b374k/
We don't provide a b374k.php. It's better if the user creates his own "b374k.php" with his own password.
The documentation is in /usr/share/doc/b374K

~0006927

g0tmi1k (administrator)

This is missing an entry in the Kali menu.

Issue History

Date Modified | Username | Field | Change
2014-03-18 22:37 | g0tmi1k | New Issue |
2014-03-18 22:38 | g0tmi1k | Description Updated |
2016-09-18 12:03 | g0tmi1k | Summary | b374k - PHP web shell => b374k 3.2.3 - PHP web shell
2016-09-18 12:03 | g0tmi1k | Description Updated |
2017-05-09 10:37 | g0tmi1k | Note Added: 0006647 |
2017-05-31 13:41 | sbrun | Assigned To | => sbrun
2017-05-31 13:41 | sbrun | Status | new => assigned
2017-06-15 14:33 | sbrun | Note Added: 0006827 |
2017-06-15 15:14 | g0tmi1k | Status | assigned => resolved
2017-06-15 15:14 | g0tmi1k | Resolution | open => fixed
2017-06-15 15:14 | g0tmi1k | Fixed in Version | => 2017.2
2017-07-18 14:30 | g0tmi1k | Note Added: 0006927 |