View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001097 | Kali Linux | [All Projects] Queued Tool Addition | public | 2014-03-18 22:37 | 2021-05-18 11:02 |
| Reporter | g0tmi1k | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | |||||
| Target Version | Fixed in Version | 2017.2 | |||
| Summary | 0001097: b374k 3.2.3 - PHP web shell | ||||
| Description | Name: b374k shell Version: 3.2.3 Homepage: https://github.com/b374k/b374k Download: https://github.com/b374k/b374k/archive/v3.2.3.tar.gz License: MIT Description: This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. Features: * File manager (view, edit, rename, delete, upload, download, archiver, etc) * Search file, file content, folder (also using regex) * Command execution * Script execution (php, perl, python, ruby, java, node.js, c) * Give you shell via bind/reverse shell connect * Simple packet crafter * Connect to DBMS (mysql, mssql, oracle, sqlite, postgresql, and many more using ODBC or PDO) * SQL Explorer * Process list/Task manager * Send mail with attachment (you can attach local file on server) * String conversion * All of that only in 1 file, no installation needed * Support PHP > 4.3.3 and PHP 5 It also supports customisation, allowing you to re-build with personalised modifications. | ||||
| Additional Information | There is already a selection of (php) web shells, in /usr/share/webshells/php by default. However, these are very 'simple'. b374k has various improved features (such has the database support - making it much easier to navigate), as well as other new features (e.g. information gathering, creating other bind/reverse shells, process manager). Shells like this, such as c99, r57, wso2 web shells have gotten bad press over the years by how they have been used and abused. However, I choose this shell to be submitted because its: * Been activity developed, * There is an 'official homepage', * It hasn't been modified/encoded to include a 'backdoor', * The features that it offers (all of which could be used in a CTF, pentest, or remote network admin). * The features thats are 'missing' when compared to other web shells (e.g. there IS NOT a; email bomber/DoS/DDoS/Botnet - these are not normally used in a typical pentest) | ||||
|
|
Not sure if to package it as something new, or put it in "/usr/share/webshells/" |
|
|
I packaged it separatly in a new package b374k The version 3.2.3-0kali1 is now in kali-rolling It's in /usr/share/b374k/ We don't provide a b374k.php. It's better if the user creates his own "b374k.php" with his own password. The documentation is in /usr/share/doc/b374K |
|
|
This is missing a entry in the Kali menu. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2014-03-18 22:37 | g0tmi1k | New Issue | |
| 2014-03-18 22:38 | g0tmi1k | Description Updated | View Revisions |
| 2016-09-18 12:03 | g0tmi1k | Summary | b374k - PHP web shell => b374k 3.2.3 - PHP web shell |
| 2016-09-18 12:03 | g0tmi1k | Description Updated | View Revisions |
| 2017-05-09 10:37 | g0tmi1k | Note Added: 0006647 | |
| 2017-05-31 13:41 | sbrun | Assigned To | => sbrun |
| 2017-05-31 13:41 | sbrun | Status | new => assigned |
| 2017-06-15 14:33 | sbrun | Note Added: 0006827 | |
| 2017-06-15 15:14 | g0tmi1k | Status | assigned => resolved |
| 2017-06-15 15:14 | g0tmi1k | Resolution | open => fixed |
| 2017-06-15 15:14 | g0tmi1k | Fixed in Version | => 2017.2 |
| 2017-07-18 14:30 | g0tmi1k | Note Added: 0006927 | |
| 2021-05-18 11:02 | g0tmi1k | Category | New Tool Requests => Queued Tool Addition |