From b60677dd14d37b89046c76848b666d20c675bb14 Mon Sep 17 00:00:00 2001
From: whx <stefan@stefan.works>
Date: Tue, 14 Sep 2021 00:35:24 +0200
Subject: [PATCH] added r2

---
 exploit/binaries/r2.md               | 31 ++++++++++++++++++++++++++++
 exploit/web/php/command_injection.md |  2 ++
 2 files changed, 33 insertions(+)
 create mode 100644 exploit/binaries/r2.md

diff --git a/exploit/binaries/r2.md b/exploit/binaries/r2.md
new file mode 100644
index 0000000..7a21014
--- /dev/null
+++ b/exploit/binaries/r2.md
@@ -0,0 +1,31 @@
+# Radare2
+
+## Usage
+### Dynamic
+```sh
+r2 -d <binary>
+```
+* Analyze
+```sh
+aaa
+```
+* Show main
+```sh
+pdf @main
+```
+* Breakpoint
+```sh
+db 0xdeadbeef
+```
+* Show rbp-0x4
+```sh
+px @rbp-0x4
+```
+* Continue
+```sh
+dc
+``` 
+* Show registers
+```sh
+dr
+```
diff --git a/exploit/web/php/command_injection.md b/exploit/web/php/command_injection.md
index 9036825..1eb1b00 100644
--- a/exploit/web/php/command_injection.md
+++ b/exploit/web/php/command_injection.md
@@ -1,6 +1,8 @@
 # PHP Command Injection
 Injecting commands to execute code on the server side via php.
 
+* [Hacktricks](https://book.hackstricks.xyz/pentesting-web/file-upload)
+
 ## Blind Command Injection
 Attacker does not register a direct response.