arrexel / phpbash Goto Github PK

after typing vi or nano command.
phpbash not responding any command.

example :
www-data@localhost:/var/www/html/phpbash# nano filename
or
www-data@localhost:/var/www/html/phpbash# vi

I didn't try this on other machines, but the command upload is forwarded to the system.
no ask for file to upload.

You can get XSS by inputting these commands:
<img/src=x onerror=alert(1)>
</script><script>alert(1)</script>

Hi, could you also add the download functions? It will make life way easier when trying to look for interesting files.

Hi

I trying to use phpbash. I clone the rep and when i try to browser it appear error 500.

on apache error.log say:

PHP Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0
PHP Fatal error: Unknown: Failed opening required '/var/www/html/basurero/phpbash.min.php' (include_path='.:/usr/share/php:/usr/share/pear') in Unknown on line 0

How i can debug this issue?.

Regards

M.

https://github.com/Arrexel/phpbash/blob/master/phpbash.php#L12

Shouldn't this be:

function endsWith($haystack, $needle) {
    return strlen($needle) === 0 || (substr($haystack, -strlen($needle)) === $needle);
}

if(!endsWith($path, '/')) {
    $path .= '/';
}

?

Right now the code is:

if($path != '/') {
    $path .= '/';
}

If the path is /etc, it does not equal /, so it won't append the /. But if someone uploads a file, say screenshot.png, the final path it generates will be /etcscreenshot.png because /etc (the original path) did not end in /. However, if you simply check if the path ends in / (and if not, add a / after the path), it will always generate /etc/screenshot.png (which is what you want).

cat filename.php will lead to php-code execution, instead of being able to examine the php-code, This leads to all kind of weird stuff, like forms and boxes appearing in the terminal output and when clicking them can lead to link execution.

Hello, Feature Enhancement with ehh 20 lines of code or less.

Tab completion for the currently directory.

Upon issuing the cd command execute a ls -a command a populate a var currentDirListing = [] array with entire folder contents. Capture tab key and cycle through the files.

Rinse and repeat.

If I finish my college test prior to hearing back. I'll submit a PR

No hostname is shown, no current working directory, in Console tab in developer tools this error on calling getShellInfo();. PHP is installed.

It would be awesome if we could upload other files via this shell.... Similar to the functionality in meterpreter.

I created a t2.micro VM instance to test this out.
I just tried to create a folder
sudo mkdir testdir

and I got this error
sudo: no tty present and no askpass program specified

I know this to deal with permissions on my server-side. but I don't know how to do so.

any help?