arrexel / phpbash
A semi-interactive PHP shell compressed into a single file.
License: Apache License 2.0
Hi
I am trying to use phpbash. I cloned the repo, and when I try to browse to it, an error 500 appears.
The Apache error.log says:
PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
PHP Fatal error: Unknown: Failed opening required '/var/www/html/basurero/phpbash.min.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0
How can I debug this issue?
Regards
M.
I didn't try this on other machines, but the command upload is forwarded to the system. It does not ask for a file to upload.
No hostname is shown, no current working directory; in the Console tab in developer tools there is this error on calling getShellInfo();
PHP is installed.
https://github.com/Arrexel/phpbash/blob/master/phpbash.php#L12
Shouldn't this be:
function endsWith($haystack, $needle) {
    return strlen($needle) === 0 || (substr($haystack, -strlen($needle)) === $needle);
}
if(!endsWith($path, '/')) {
    $path .= '/';
}
?
Right now the code is:
if($path != '/') {
    $path .= '/';
}
If the path is /etc, it does not equal /, so it won't append the /. But if someone uploads a file, say screenshot.png, the final path it generates will be /etcscreenshot.png because /etc (the original path) did not end in /. However, if you simply check if the path ends in / (and if not, add a / after the path), it will always generate /etc/screenshot.png (which is what you want).
I created a t2.micro VM instance to test this out.
I just tried to create a folder
sudo mkdir testdir
and I got this error
sudo: no tty present and no askpass program specified
I know this has to do with permissions on my server side, but I don't know how to do so.
Any help?
You can get XSS by inputting these commands:
<img/src=x onerror=alert(1)>
</script><script>alert(1)</script>
It would be awesome if we could upload other files via this shell.... Similar to the functionality in meterpreter.
cat filename.php will lead to PHP code execution instead of being able to examine the PHP code. This leads to all kinds of weird stuff, like forms and boxes appearing in the terminal output, and clicking them can lead to link execution.
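The report above and the XSS report before it both describe command text or file contents being interpreted as markup in the terminal view. The following is an added example, not phpbash's own code, assuming the client inserts the command echo and the output into the page as HTML; the function names and the sample strings are constructed for illustration.

```javascript
// Added example (not phpbash's code); all function names are hypothetical.
// Constructed samples: [command typed, output returned by the server].
const SAMPLES = [
  ['<img/src=x onerror=alert(1)>', ''],
  ['</script><script>alert(1)</script>', ''],
  ['cat filename.php',
   '<?php $x = 1; ?><form action="/x"><input type="submit"></form>'],
];

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Weak form: untrusted strings are concatenated straight into markup, so any
// tag in the command echo or in a file's contents reaches the HTML parser.
function renderUnsafe(command, output) {
  return '<span class="cmd">$ ' + command + '</span>\n' + output;
}

// Hardened form: both strings are encoded before they touch the markup.
// In a browser, writing them through textContent has the same effect.
function renderSafe(command, output) {
  return '<span class="cmd">$ ' + escapeHtml(command) + '</span>\n' + escapeHtml(output);
}

// Tags the HTML parser would see, excluding the terminal's own <span>.
function injectedTags(html) {
  const tags = html.match(/<[\/?!]?[a-zA-Z][^>]*>/g) || [];
  return tags.filter((t) => !/^<\/?span[\s>]/.test(t));
}

// Compare both renderers over every sample.
function audit(samples) {
  return samples.map(([command, output]) => ({
    command,
    unsafe: injectedTags(renderUnsafe(command, output)).length,
    safe: injectedTags(renderSafe(command, output)).length,
  }));
}

for (const row of audit(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

With encoding applied, cat on a PHP or HTML file shows the source as text rather than rendering forms or links from it.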
Hello, Feature Enhancement with ehh 20 lines of code or less.
Tab completion for the current directory.
Upon issuing the cd command, execute a ls -a command and populate a var currentDirListing = [] array with the entire folder contents. Capture the tab key and cycle through the files.
Rinse and repeat.
If I finish my college test prior to hearing back, I'll submit a PR.
After typing the vi or nano command, phpbash does not respond to any command.
Example:
www-data@localhost:/var/www/html/phpbash# nano filename
or
www-data@localhost:/var/www/html/phpbash# vi
Hi, could you also add the download functions? It will make life way easier when trying to look for interesting files.