https://github.com/cvar1984/pload

Convenient way to bypass PHP disabled functions with LD_PRELOAD to create gsocket connection
https://github.com/cvar1984/pload

bypass bypass-disable-function gsocket hacktoberfest ldpreload linux php-exploit

Last synced: about 1 month ago
JSON representation

Convenient way to bypass PHP disabled functions with LD_PRELOAD to create gsocket connection

Host: GitHub
URL: https://github.com/cvar1984/pload
Owner: Cvar1984
License: gpl-3.0
Created: 2022-08-03T08:34:25.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2024-12-14T03:50:30.000Z (5 months ago)
Last Synced: 2025-03-28T19:12:34.132Z (about 2 months ago)
Topics: bypass, bypass-disable-function, gsocket, hacktoberfest, ldpreload, linux, php-exploit
Language: PHP
Homepage:
Size: 14.6 MB
Stars: 7
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Pload

PHP LD_PRELOAD Payload. A tool to bypass __disable_functions__.

## How it works

PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the environment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

## how to do it

run exploit.php and connect using gsocket client

## why

this design chosen to keep everything in a single file of php script to prevent issue with the firewall when downloading elf data from external source nonexistent download function

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/cvar1984/pload

Awesome Lists containing this project

README