Smplshllctrlr is a PHPCommand Injection exploitation tool so for demo we will be using DVWA (Damn Vulnerable Web App).
1.) Exploit web page and upload simple-shell.php (or simply find an existing exploitable command injection).
2.) Execute the controller to exploit the command injection vulnerability. The controller is simply a command injection exploitation tool, and can therefore with a few adjustments be rewritten to exploit already existing vulnerabilities without the need for uploading the 'simple-shell.php'.
Here we will be exploiting the File Uploading vulnerability in DVWA by uploading a custom shell and executing it.
First clone the github repo with command:
And now give the script permission to execute by entering in the cloned folder and executing command:
chmod +x simple-shell-controller.py
Now open up DVWA in your browser and open up the upload vulnerability tab from where we will upload our reverse shell named simple-shell.php to gain a reverse shell.
Now click on Browsebutton and select the simple-shell.phppresent in the cloned folder of smplshllctrl .
Now click on upload to upload the shell to server.
After uploading the shell it will tell us the path of the uploaded shell as ../../hackable/uploads/simple-shell.php.
Now run the following command:
python simple-shell-controller.py --url “http://192.168.222.1/dvwa/hackable/uploads/simple-shell.php”
As you can see it has successfully returned a command shell.
Here --urlis the url of uploaded shell in the previous step.
