Kali Linux

Jatayu : Stealthy Stand Alone PHP Web Shell

JATAYU a Stealthy Stand Alone PHP Web Shell .

FEATURES

  • Http Header Based Authentication.
  • 100% Undetectable.
  • Exec Function Changer.
  • Nothing Fancy

USAGE

GET /test/jatayu.php?fn=1&&cmd=whoami
Host : http://test.com
Authtoken : bb3b1a1f-0447-42a6-955a-88681fb88499

FUNCTIONS

PARAMETERFUNCTION
fn=1Calls function shell_exec()
fn=2Calls function system()
cmd=idExecutes command

GENERATE AUTHTOKEN

php
$r = unpack(‘v*’, fread(fopen(‘/dev/random’, ‘r’),16));
$apiKey = sprintf(‘%04x%04x-%04x-%04x-%04x-%04x%04x%04x’,
$r[1], $r[2], $r[3], $r[4] & 0x0fff | 0x4000,
$r[5] & 0x3fff | 0x8000, $r[6], $r[7], $r[8]);
echo $apiKey;
?>

Download
R K

Leave a Comment
Share
Published by
R K
Tags: JatayuPHP Web ShellStealthy
3 years ago

Recent Posts

ps5Spoofer : Unlocking PS4 Game Compatibility On Your PS5

The ps5Spoofer is a tool designed for the PlayStation 5 (PS5) that patches the PS4…

2 hours ago

eWPTX Preparion : Essential Tools And Functions

The eWPTX (eLearnSecurity Web Application Penetration Tester Extreme) certification is a challenging credential that validates…

2 hours ago

REC2 : Rusty External Command And Control Tool

REC2, short for Rusty External Command and Control, is a sophisticated Command and Control (C2)…

2 hours ago

AMSI-Bypass-HWBP : A Tool For Evading AMSI Detection

AMSI (Antimalware Scan Interface) is a Windows feature designed to help protect systems from malware…

20 hours ago

BurpSuite-Xkeys : Mastering Key And Token Extraction For Web Security

Xkeys is a Burp Suite extension designed to extract interesting strings such as keys, secrets,…

20 hours ago

DEDSEC_BOTNET : A Comprehensive Tool For Penetration Testing And Ethical Hacking

DEDSEC_BOTNET is a Linux-based tool designed for creating and managing advanced botnet payloads. It is…

20 hours ago