Learning Exercise

Web Shell PHP

Web shells exist for almost every web programming language you can think of. We chose to focus on PHP because it is the most widely-used programming language on the web.

PHP web shells do nothing more than use in-built PHP functions to execute commands. The following are some of the most common functions used to execute shell commands in PHP.

Share

Rate this post Web Shell PHP Exploit WordPress is by far the most popular CMS (Content Management System). This... see more

Exercise

system()

The system() function accepts the command as a parameter and it outputs the result.

The following example on a Microsoft Windows machine will run the dir command to return a directory listing of the directory in which the PHP file is executing in.

<?php
// Return the directory listing in which the file run (Windows)
system("dir");
?>

--> Volume in drive C has no label.
Volume Serial Number is A08E-9C63

Directory of C:\webserver\www\demo

04/27/2016 10:21 PM <DIR> .
04/27/2016 10:21 PM <DIR> ..
04/27/2016 10:19 PM 22 shell.php
1 File(s) 22 bytes
2 Dir(s) 31,977,467,904 bytes free

Similarly, executing the ls command on a Linux machine achieves a similar result.

<?php
// Return the directory listing in which the file run (Linux)
system("ls -la");
?>

--> total 12
drwxrwxr-x 2 secuser secuser 4096 Apr 27 20:43 .
drwxr-xr-x 6 secuser secuser 4096 Apr 27 20:40 ..
-rw-rw-r-- 1 secuser secuser 26 Apr 27 20:41 shell.php

Other commands have the same effect.