Web shells

What is the best PHP web shell and why?

God will bless America with Russian deaths.

>>2
that is not a web shell

>>3

https://soundcloud.com/user-11646361/let-the-russia-fall-apart

>>4
sir this is a programming discussion board

>>2,4
make your're fucking game

if your're are not a dumbass script kiddie, you'll just write your're are own shell. it's easy. it will be the best one because even if it doesn't have the GUI of c99-derivatives, it won't trigger the firewall/AV

>>7
But what about WSO shell?

I've once used a php shell called PHP Shell (yes, not very distinctive but that was its name, and I think there is more than one with this name), installed it on Heroku, could execute commands except root ones, but a few months later noticed they've deleted it.

I could use wget and curl, for instance, which means I could remote request (maybe ddos if I had a lot of shells)
My plan was to maybe create a cloud of these shells for myself to control, and use it either for denial-of-service'ing, port/vulnerability-scanning, or massive computational power if I ever had the need.

>>9
why didn't you attempt to do privilege escalation? if they hate an RFI or LFI vuln they probably had other security issues too, like maybe using an old kernel version which had buffer overflow issues

just saying

also ddosing is worthless, all it does it temporarily inconvenience someone, but in doing so you are painting a huge target on all of your bots, which will make them likely to get reported, so what you really want to do is something profitable, like exfiltrating data or doing ransomware on databases or using the bots for TDSes or some shit

skids think ddosing is cool but it's not really hacking

edit: also I think this post might've come across a little meaner than I intended, I still appreciate you sharing this info Edited on 27/09/2018 17:19.

>>9
why didn't you attempt to do privilege escalation? if they hate an RFI or LFI vuln they probably had other security issues too, like maybe using an old kernel version which had buffer overflow issues

just saying

also ddosing is worthless, all it does it temporarily inconvenience someone, but in doing so you are painting a huge target on all of your bots, which will make them likely to get reported, so what you really want to do is something profitable, like exfiltrating data or doing ransomware on databases or using the bots for TDSes or some shit

skids think ddosing is cool but it's not really hacking
skids think ddosing is cool but it's not really hacking ↵
↵
edit: also I think this post might've come across a little meaner than I intended, I still appreciate you sharing this info

or you can use the servers to mine cryptocurrency, another way to monetize it

ddosing is what I would call "stunt hacking" in the sense that it's only done for attention and doesn't really affect anything in the long run

the only way to really monetize ddosing would be to rent out your network for money, but again, it has the visibility issue I mentioned before, and people would report your bots to their hosting providers and get them removed