Command Injection Projekt: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 131: | Zeile 131: | ||
[[Kategorie:PHP Beispiele]] | [[Kategorie:PHP Beispiele]] | ||
[[Kategorie:Schulungsunterlagen]] | [[Kategorie:Schulungsunterlagen]] | ||
| − | [[Kategorie:Cybersecurity] | + | [[Kategorie:Cybersecurity]] |
[[Kategorie:Hacking]] | [[Kategorie:Hacking]] | ||
Version vom 23. April 2025, 05:16 Uhr
Installation
- sudo apt update
- sudo apt install apache2 php libapache2-mod-php
- sudo systemctl restart apache2
Test
- echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
- curl https://SEITENNAME/info.php
Beispiele
ping.php
<!DOCTYPE html>
<html>
<body>
<h2>PING</h2>
<form method="post">
<label for="ip">IP-Adresse:</label><br>
<input type="text" name="ip"><br>
<input type="submit" name="submit" value="Ping">
</form>
<br>
<?php
if (isset($_POST['submit'])) {
$ip = $_POST['ip'];
$cmd = 'ping -c 4 ' . $ip;
$output = shell_exec($cmd);
echo "<pre>$output</pre>";
}
?>
</body>
</html>
traceroute.php
<!DOCTYPE html>
<html>
<body>
<h2>Traceroute</h2>
<form method="post">
<label for="host">Hostname oder IP:</label><br>
<input type="text" name="host"><br>
<input type="submit" name="submit" value="Traceroute">
</form>
<br>
<?php
if (isset($_POST['submit'])) {
$host = $_POST['host'];
$cmd = 'traceroute ' . $host;
$output = shell_exec($cmd);
echo "<pre>$output</pre>";
}
?>
</body>
</html>
nslookup.php
<!DOCTYPE html>
<html>
<body>
<h2>NSLookup</h2>
<form method="post">
<label for="domain">Domain:</label><br>
<input type="text" name="domain"><br>
<input type="submit" name="submit" value="Lookup">
</form>
<br>
<?php
if (isset($_POST['submit'])) {
$domain = $_POST['domain'];
$cmd = 'nslookup ' . $domain;
$output = shell_exec($cmd);
echo "<pre>$output</pre>";
}
?>
</body>
</html>
netstat.php
<!DOCTYPE html>
<html>
<body>
<h2>Netstat mit Filter</h2>
<form method="post">
<label for="filter">Filter (z.B. :80 oder ESTABLISHED):</label><br>
<input type="text" name="filter"><br>
<input type="submit" name="submit" value="Anzeigen">
</form>
<br>
<?php
if (isset($_POST['submit'])) {
$filter = $_POST['filter'];
$cmd = 'netstat -tunap | grep ' . $filter;
$output = shell_exec($cmd);
echo "<pre>$output</pre>";
}
?>
</body>
</html>
whois.php
<!DOCTYPE html>
<html>
<body>
<h2>WHOIS-Abfrage</h2>
<form method="post">
<label for="domain">Domain:</label><br>
<input type="text" name="domain"><br>
<input type="submit" name="submit" value="WHOIS">
</form>
<br>
<?php
if (isset($_POST['submit'])) {
$domain = $_POST['domain'];
$cmd = 'whois ' . $domain;
$output = shell_exec($cmd);
echo "<pre>$output</pre>";
}
?>
</body>
</html>