A python script to bypass disablefund, provide some useful information
ScanDF
The purpose of this script is to bypass disablefund, provide some useful information, and dig the hook function of PHP extension.
df-bypass.py
Use: Python df-bypass.py – U URL (phpinfo information)
EG1: Test [geek challenge 2019] rce me
You can directly use the hook function to bypass the DL – runtime load a PHP extension
EG2: [Blue Hat Cup 2021] one pointer PHP
Direct hit FPM modify ant sword source code!!
putenv-ld_preload.py
By bypassing the putenv hook function, we can scan the available functions, load more plug-ins and use them better. It can be used with DF bypass.py
Use: Python putenv LD_ Preload.py (scan the internal value function of the current PHP environment by default)