Merge pull request #1 from Cvar1984/dev

Dev
Cvar1984 · Aug 9, 2024 · fc04d79 · fc04d79
2 parents 6deca87 + 352f4f8
commit fc04d79
Show file tree

Hide file tree

Showing 7 changed files with 52 additions and 20 deletions.
diff --git a/Makefile b/Makefile
@@ -3,9 +3,11 @@ CC = gcc
 
 x86_64 : preload.c
 	$(CC) preload.c ${CCFLAGS} -m64 -o preload_x86_64.so
+	strip preload_x86_64.so
 
 x86 : preload.c
 	$(CC) preload.c $(CCFLAGS) -m32 -o preload_x86.so
+	strip preload_x86.so
 
 
 .PHONY : clean 

diff --git a/README.md b/README.md
@@ -5,6 +5,4 @@ PHP LD_PRELOAD Payload. A tool to bypass __disable_functions__.
 
 PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the environment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.
 ## how to do it
-1. compile your shared object, move it to where you want e.g /tmp/preload.so
-2. compile your own arbitrary C code or you can use bash script and then move it e.g /tmp/payload
-3. execute exploit.php and enjoy
+run exploit.php and connect using gsocket client
diff --git a/encode_bytes.php b/encode_bytes.php
@@ -0,0 +1,12 @@
+<?php
+
+function file_to_byte_array($filename) {
+$contents = file_get_contents($filename, true);
+$bytes = unpack("C*", $contents);
+return $bytes;
+}
+
+$b = file_to_byte_array($argv[1]);
+
+echo implode(",",$b);
+
diff --git a/exploit.php b/exploit.php
diff --git a/payload b/payload
diff --git a/preload_x86.so b/preload_x86.so
diff --git a/preload_x86_64.so b/preload_x86_64.so