Welcome to the comprehensive guide for the DCSC PHP Shell π β a lightweight yet powerful PHP tool designed for penetration testing, Capture The Flag (CTF) challenges, and various cybersecurity tasks π. Originally created during a PWK/OSCP journey, this shell is a practical solution intended to offer only the essential functionalities required for security testing π οΈ.
The DCSC PHP Shell is a streamlined PHP script that integrates key functionalities including:
- File Upload Capabilities π
- Direct Shell Command Execution π»
- On-the-fly PHP Code Evaluation β‘
- MySQL Database Interaction πΎ
It is designed for compatibility with most PHP versions (4+) by using legacy PHP functions and minimalistic code. While the code may be considered βdirtyβ or unoptimized due to its quick development cycle, its simplicity is its strength π₯.
Before using this tool, immediately change the default password to protect your system from unauthorized access π.
This section provides a step-by-step guide for users who have never used this type of tool before:
- Clone or download the repository from GitHub.
- Upload the files to your web server where PHP is installed.
- Locate the default configuration section in the code and change the default password.
- Open your web browser and navigate to the PHP file (e.g.,
http://yourserver.com/dcsc-php-shell.php). - Log in with your newly updated credentials.
- File Upload: Use the file upload feature to transfer necessary files to your server.
- Shell Command Execution: Run system commands directly through your browser for testing purposes.
- PHP Code Evaluation: Execute PHP code snippets on the fly for debugging or testing.
- MySQL Interaction: Connect and run queries on your MySQL database if needed.
- Change the default password before the first use.
- Consider restricting access using
.htaccessor IP whitelisting. - Regularly monitor and update the code to patch any vulnerabilities.
If you're new to penetration testing tools or PHP shells, here are some tips to enhance your experience:
- Understand the Risks: Running a PHP shell on your server can expose sensitive functionalities. Always operate in a controlled environment
β οΈ . - Backup Your Data: Ensure you have a backup of your system before using the shell to avoid accidental data loss πΎ.
- Continuous Learning: Familiarize yourself with basic PHP, SQL, and Linux commands to maximize the tool's effectiveness π.
- Community Resources: Engage with online communities and forums to share experiences and troubleshoot issues π.
The screenshots below highlight key features of the DCSC PHP Shell:
Distributed under the MIT License. See LICENSE for more information.
For more details or issues, feel free to open an issue on GitHub.