.. / Php
Star



Shell

It can be used to break out from restricted environments by spawning an interactive system shell.



Command

It can be used to break out from restricted environments by running non-interactive system commands.



Reverse shell

It can send back a reverse shell to a listening attacker to open a remote network access.



File upload

It can exfiltrate files on the network.



File download

It can download remote files.



SUID

It runs with the SUID bit set and may be exploited to access the file system, escalate or maintain access with elevated privileges working as a SUID backdoor. If it is used to run sh -p, omit the -p argument on systems like Debian that allow the default sh shell to run with SUID privileges.



Sudo

It runs in privileged context and may be used to access the file system, escalate or maintain access with elevated privileges if enabled on sudo.



Capabilities

It can manipulate its process UID and can be used on Linux as a backdoor to maintain elevated privileges with the CAP_SETUID capability set. This also works when executed by another binary with the capability set.