This is a simple PHP reverse shell that works on both Windows and Linux systems. It allows you to specify the target operating system via a query parameter, and will execute a PowerShell reverse shell on Windows or a bash reverse shell on Linux.
- Windows: Access the script with
?os=windows, and it will run a PowerShell reverse shell on the target machine. - Linux: Access it with
?os=linux, and it will run a bash reverse shell.
Before triggering the shell, start a Netcat listener on your machine (attacker's machine):
nc -lvnp 4444Use PHP’s built-in server to host the reverse shell script:
php -S 0.0.0.0:8000Open a web browser or any HTTP client and visit the PHP script with the appropriate query parameter for the target OS:
-
For Windows:
http://your-ip:8000/reverse_shell.php?os=windows -
For Linux:
http://your-ip:8000/reverse_shell.php?os=linux
Once the reverse shell is triggered, you'll get access to the target machine through your Netcat listener.
php -S 0.0.0.0:8000Access via browser:
http://your-ip:8000/reverse_shell.php?os=windows
Educational Purposes Only: This script is intended for legal penetration testing or educational use. Unauthorized use of this script is illegal. Please use responsibly in environments where you have explicit permission.