Skip to content
一个各种方式突破Disable_functions达到命令执行的shell
PHP C
Branch: master
Clone or download
Latest commit f4f0075 Jun 18, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea new shell init Jun 18, 2019
exp new shell init Jun 18, 2019
paper add paper dir Jun 18, 2019
README.md add bypass method Jun 18, 2019
shell.php new shell init Jun 18, 2019

README.md

Bypass Disable Functions Shell

项目旧文档已迁移到此处

禁用函数列表(希望能做最全的禁用列表,也可以用此做对比进行绕过):

dl,exec,system,passthru,popen,proc_open,pcntl_exec,shell_exec,mail,imap_open,imap_mail,putenv,ini_set,apache_setenv,symlink,link

shell绕过已实现的方式:

  • 常规绕过: exec、shell_exec、system、passthru、popen、proc_open
  • ld_preload绕过: mail、imap_mail、error_log、mb_send_mail
  • pcntl_exec
  • imap_open
  • fastcgi
  • com
  • apache mod-cgi

目录结构:

  • env - docker环境, 用于测试各类绕过exp
  • papar - bypass原理
  • exp - bypass脚本
You can’t perform that action at this time.