
as_bypass_php_disable_functions's Issues

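Suggestion: automatically add the copy

A small optimization suggestion:
In the current version, after the bypass a .antproxy.php file is automatically generated in the same directory.
The shell then has to be added manually.
Could this be changed so that the shell is added automatically?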

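Suggestion: upload the .antproxy.php file to the current shell directory

I suggest uploading the .antproxy.php file to the current shell directory; sometimes the root directory is not writable.
When bypassing with the FASTCGI method, it shows that the so file was uploaded successfully, but the proxy script upload failed. I found that the newly started FPM port was open, so I uploaded .antproxy.php myself and changed the connection port, but as soon as I connected, the FPM port was gone.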

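A small suggestion

Originally the bypass worked, but later a WAF was put in place, and the second time the proxy script was written it was blocked.
After checking, this directory has read and write permissions.

So I figured that the signature of AntSword's proxy script has very likely already made it into the WAF's detection rule base, which is why the plugin cannot be used normally.

My personal suggestion is that the generated proxy PHP script could be printed out, so that users can copy and paste it as needed and then apply further obfuscation. I hope this can be adopted, thank you.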

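Usage question

I am using LD_PRELOAD mode. In the interface the shell shows "当前目录:false" ("current directory: false"). The so image can be uploaded successfully, but the PHP SERVER is not started and .antproxy.php is not uploaded successfully either, and in the end it shows a failure. What is the reason for this?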

Two bugs under php5.6.40

  1. Error in the log

[Sun Jun 23 10:41:15.880997 2019] [:error] [pid 32465] [client 169.254.65.200:63206] PHP Fatal error: Call to undefined function curl_init() in /var/www/html/xxxx/yyyy/.antproxy.php on line 3

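That line is
$aAccess = curl_init();
On my Ubuntu 18.04, after running

sudo apt install php5.6-curl
service apache2 restart

it worked. But this does not match the conditions assumed earlier:

The target machine cannot make outbound connections, and only port 80 is reachable inbound. The target machine is not guaranteed to have python, and does not necessarily have perl. What we can be sure of is that it should have php, but the drawback is that PHP only introduced the -S built-in web server in version 5.4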


  2. list($headerstr,$sResponse)=explode("\r\n\r\n",$sResponse, 2);
    raises an error; the log is:

[Sun Jun 23 11:41:45.137806 2019] [:error] [pid 681] [client 169.254.65.200:50174] PHP Notice: Undefined offset: 1 in /var/www/html/xxxx/yyyy/.antproxy.php on line 58

I checked with is_bool, and $sResponse is a bool value.

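A small bug

After testing:
If the current shell has parameters passed after it, they are not added to the newly generated .antproxy.php.
For example, with this shell:
http://www.xxx.com/a.php?test=assert

The fourth line of the generated .antproxy.php does not include the GET parameters, which causes the connection to fail: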
curl_setopt($aAccess, CURLOPT_URL, "http://127.0.0.1:63685/a.php");

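Request for the source code of the so files in ext

I saw that php-fpm needs a so file to start a PHP server. Could the source code of the so file be provided for study and reference?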
