For instance, the above code works for me when running PHP on a CLI, but not when PHP is running as an Apache module (there the socket is fd 12 for me). However, if it is already opened, the new connection will have a different descriptor and your shell won't be plugged where you want. Now, if the opened connection had fd 3, the shell will attach to that descriptor. Running /bin/sh -i with input and output redirected to fd 3 and returning the last line (don't confuse PHP exec with shell/C exec). While at the same time you have a netcat listening on 1234. This is the code from the Metasploit payload (decoded from base64): /*