module
PHP Exec, PHP Command Shell, Find Sock
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
Execute a PHP payload as an OS command from a Posix-compatible shell.
Spawn a shell on the established connection to
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
Spawn a shell on the established connection to
the webserver. Unfortunately, this payload
can leave conspicuous evil-looking entries in the
apache error logs, so it is probably a good idea
to use a bind or reverse shell unless firewalls
prevent them from working. The issue this
payload takes advantage of (CLOEXEC flag not set
on sockets) appears to have been patched on the
Ubuntu version of Apache and may not work on
other Debian-based distributions. Only tested on
Apache but it might work on other web servers
that leak file descriptors to child processes.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.