Convenient way to bypass PHP disabled functions with LD_PRELOAD to create gsocket connection

Cvar1984/pload

Pload

PHP LD_PRELOAD Payload. A tool to bypass disable_functions.

How it works

PHP on Linux calls a binary (sendmail) when the mail() function is executed. If putenv() is allowed, we can set the LD_PRELOAD environment variable and so preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.
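A defender-side check for the precondition described above, added here as an example (it is not code from the pload repository): it parses php.ini text and reports whether both putenv() and mail() are still enabled. The function names and the two sample php.ini fragments are constructed for illustration.

```python
import re

# The two links of the chain the README describes:
# putenv() sets LD_PRELOAD, mail() spawns the sendmail binary that inherits it.
CHAIN = ("putenv", "mail")

def disabled_functions(ini_text):
    """Return the effective disable_functions set from php.ini text.

    The last uncommented assignment wins; PHP function names are
    case-insensitive, so everything is lowercased.
    """
    value = ""
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"(?i)disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip("\"'")
    return {name.strip().lower() for name in value.split(",") if name.strip()}

def audit(ini_text):
    """Report which links of the putenv() -> mail() chain are still enabled."""
    disabled = disabled_functions(ini_text)
    enabled = [f for f in CHAIN if f not in disabled]
    # The chain as described needs both functions; it is open only if both remain.
    return {"enabled": enabled, "chain_open": len(enabled) == len(CHAIN)}

# Constructed sample: shell functions blocked, but the chain is left open.
WEAK_INI = """
[PHP]
; typical hardening list that forgets putenv and mail
disable_functions = exec,system,passthru,shell_exec,popen,proc_open
"""

# Constructed sample: same list plus putenv (commented-out line is ignored).
HARDENED_INI = """
[PHP]
;disable_functions = exec
disable_functions = "exec, system, passthru, shell_exec, popen, proc_open, PutEnv"
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini))
```

Run it against the php.ini of each SAPI in use, since the CLI and the web server commonly load different files.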

How to do it

Run exploit.php and connect using the gsocket client.

Why

This design was chosen to keep everything in a single PHP script file, to avoid issues with the firewall when downloading ELF data from an external source, or with a nonexistent download function.
