It's maybe more a bash oriented question, but it deals with security.
So I'm trying to download a binary (nc) from a remote machine that I can access using Php (and shell_exec function), I looked for wget and found it in /usr/ports/ftp/ repository, with the following rights:
drwxr-xr-x 3 root wheel 512 Dec 27 2013 wget
So, as you can see everybody should be abble to execute this. So, I did the following with shell_exec:
<?php $output = shell_exec("/usr/ports/ftp/wget"); echo "<pre>$output</pre>"; ?>
But when I executed this script via the server nothing append, which is strange because shell_exec(ls"); works (it can see the stdout of it) and "ls" binary which is in /bin as exaclty the same rights
Any suggestion ?
p.s: all of this happens in a training lab of course
