a totally unnecessary composer shell
background A silly reverse shell invoked via the Composer Dependency Manager. Source here Composer, which is most probably the most popular PHP dependency manager allows for scripts to run as callbacks on based an event. Callbacks are normally triggered just before or after certain events. It is possible to provide shell commands to the scripts property in the required composer.json file (with a few restrictions), but this method echoes the command that it executes. A slightly more covert approach would be to execute a cleverly named static function in a class included in the codebase. It has to be one that can be autoloaded by composer. ...