bypass safe_mode and functions restriction #118
Comments
|
Thanks for the idea, I'll implement it in the next releases. |
|
hello Epinna, anything new on this ? did you stop this project ? |
|
Hey @eltouco72, For exemple one would be able to do : :shell_php -w "python -c '${command}'" ls -l
# And store its value for the current session
:set shell_php.wrapper_function "python -c '${command}'"
:shell_php ls -lWould you agree on that ? |
|
maybe you could do both ? |
|
Hello everybody, I like the idea and it really adds some extra capability. Also it should not be that hard to build if i'm not mistaken. Is somebody already working on this? |
during pen testing when we can upload weevely shell, sometime the server has PHP in safe mode or restrict some function so weevely can not be in "system shell mode"
but in even in that case, python or perl are sometime installed on the server and can be executed.
I propose an enhancement where when weevely detects safe_mode or restricted function and that python ou perl are available, to execute shell command thru python or perl and not thru php
for instance, in a recent pentest PHP was in safe_mode and safe_mode_exec_dir was restricted to /usr/bin
so command like bash, ls or cat that live in /bin were not possible whereas python and perl were found /usr/bin and didn't have this restriction and could execute anything with os.system('ls -l') for instance.
thanks for the good work, weevely is a nice shell, I wish I had sufficent programming skills to improve it but i can only suggest improvement.
The text was updated successfully, but these errors were encountered: