Smplshllctrlr is a PHP Command Injection exploitation tool so for demo we will be using DVWA (Damn Vulnerable Web App).
1.) Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).
2.) Execute the controller to exploit the command injection vulnerability. The controller is simply a command injection exploitation tool, and can therefore with a few adjustments be rewritten to exploit already existing vulnerabilities without the need for uploading the ‘simple-shell.php’.
Here we will be exploiting the File Uploading vulnerability in DVWA by uploading a custom shell and executing it.
First clone the github repo with command:
git clone https://github.com/z0noxz/smplshllctrlr.git
And now give the script permission to execute by entering in the cloned folder and executing command:
chmod +x simple-shell-controller.py
Now open up DVWA in your browser and open up the upload vulnerability tab from where we will upload our reverse shell named simple-shell.php to gain a reverse shell.
Now click on Browse button and select the simple-shell.php present in the cloned folder of smplshllctrl
Now click on upload to upload the shell to server.
After uploading the shell it will tell us the path of the uploaded shell as ../../hackable/uploads/simple-shell.php.
Now run the following command:
python simple-shell-controller.py –url “http://192.168.222.1/dvwa/hackable/uploads/simple-shell.php”
As you can see it has successfully returned a command shell.
Here –url is the url of uploaded shell in the previous step.
Author: Himanshu Gupta is a Information Security Researcher | Technical writer. You can follow him on LinkedIn .