Sec260‐PHP‐Shell‐Lab - ConnorEast/Tech-Journal GitHub Wiki

Testing the machine:

Using the ISO provided in the lab I navigated to "var/www/html". I then deleted index.html and replaced it with index.php. Next I used the command "$name = $_GET["name"]". This means to set the variable of name to the value of name when applied to the server url. Below you can see the code as well as the site.

Setting up the system variable:

For this section I simply added in the command "system($name)" to the end of the document. This forced the system to print out any information that would be found by the internal system if said command were to be run. The two examples below are "whoami" and "IP ADDR" and their respective outputs

Attacking my system:

For this section I created a new PHP document which prints out the output of the systemwide command. Below is an image, similar to section two, that features the whoami command. Following that we have access to the passwords account. You can do this by simply inserting the "cat /etc/passwd" command into the terminal.

Sec260‐PHP‐Shell‐Lab - ConnorEast/Tech-Journal GitHub Wiki

Testing the machine:

Setting up the system variable:

Attacking my system:

Other System Commands:

Building a PHP script with minimal letters:

System as a static variable:

System as a non static variable: