The need to use run for RCE is lacking documentation #52

Open
zombozo12 opened this issue Jun 22, 2018 · 2 comments
Labels
enhancement to be documented user experience impacts user experience or something is confusing to newcommers
Milestone

Comments

@zombozo12

Why so many commands that cannot be executed? Like 'git' for example. I can't use git in phpsploit, but I can use it with WebConsole. Why? Is phpsploit used to be like back-connect?

this is phpsploit
[image]

this is webconsole
[image]

@zombozo12 zombozo12 changed the title Command not found Unknown Command Jun 22, 2018
@nil0x42
Owner

nil0x42 commented Jun 22, 2018

Hi!
Indeed, phpsploit is NOT a simple backconnect, but a framework with INTERNAL commands.
Let me explain:
When you type help, the commands you see can be core commands (for managing phpsploit settings, connection, and showing help); then, when you are connected to a TARGET, there are the PLUGIN COMMANDS, which run furtive php payloads hidden in http headers.

For example, when you type ls from a remote target, you are not actually running the remote system's /bin/ls, but you are executing the ls phpsploit plugin. This PLUGIN executes PHP CODE inside the target, with php functions like opendir(), is_dir(), etc.

This is a feature and not a bug, as MANY, MANY remote php servers simply DON'T allow execution of RCE, so with phpsploit you still have access to basic commands in order to do your privesc & C&C.

But, if you use the awesome help command, you will discover that the PLUGIN named run does exactly what you want, as this plugin tries multiple ways to execute arguments passed to it.
So in your case you must type:
run git ... instead of git.

Another tip for you:
If you use the help command, you will also discover that a special core command exists to bind phpsploit's shell to any command or plugin. This is useful when you are exploiting the remote server with a single plugin (for example run or mysql), and you are tired of always typing this command at the start of your commands.

For example, if you connect to a local mysql server through the mysql PLUGIN, you will probably dedicate a good time only running sql commands, so instead of doing (example):

    phpsploit(victim.com) > mysql show databases
    phpsploit(victim.com) > mysql show tables
    phpsploit(victim.com) > mysql select * from users
    phpsploit(victim.com) > # etc...

You can first bind your phpsploit shell as follows:

    phpsploit(victim.com) > bind mysql
    phpsploit(victim.com) #mysql > show databases
    phpsploit(victim.com) #mysql > show tables
    phpsploit(victim.com) #mysql > select * from users

You can note the same applies for any plugin, in your case, the run plugin.
This is totally optional, but as I said it can be more convenient than having to prefix each command with the plugin's name.

NOTE:
Phpsploit has no documentation, and its manpage is old as f*ck, BUT the help command is very complete and totally up-to-date, so feel free to use it.

@nil0x42 nil0x42 closed this as completed Jun 22, 2018
@nil0x42 nil0x42 reopened this Jan 15, 2019
@nil0x42 nil0x42 added enhancement user experience impacts user experience or something is confusing to newcommers labels Jan 15, 2019
@nil0x42 nil0x42 added this to the Release 3.1 milestone Jan 15, 2019
nil0x42 added a commit that referenced this issue Jan 15, 2019
as shown in issue #52, newcoming users tend to be frustrated
by thinking phpsploit is not working when they try to run a
remote command without using the `run` plugin.

This commit makes things clearer by explicitly suffixing:
    (use `run` plugin to run remote command)
to 'Unknown command' error message.
@nil0x42
Owner

nil0x42 commented Jan 15, 2019

Partially resolved:

This user experience issue should not happen anymore since commit 4584e2c

TODO:

The lack of documentation for the bind command and how the phpsploit commands work is still awaiting documentation

@nil0x42 nil0x42 changed the title Unknown Command The need to use run for RCE lacks documentation Jan 15, 2019
@nil0x42 nil0x42 changed the title The need to use run for RCE lacks documentation The need to use run for RCE is lacking documentation Jan 15, 2019