Question about PHP shell commands


I was looking for a PHP shell command and found two different variations of a similar command set, but I’m not entirely sure what the difference is. The top one is from a github site, and GTFOBins has the bottom one. The top one ended up working for what I needed, but I’m curious about exactly how they are different since it seems like GTFOBins only uses the export and getenv commands.

sudo php -r “system(‘$CMD’);”

export CMD=“/bin/sh”
php -r ‘system(getenv(“CMD”));’


Maybe I am wrong, but for me it’s exactly the same, it’s just the way you call it. In the both scenario it does the same, it’s just how the variables are defined. You can name CMD variables as you want. In the first case it just defined CMD as a local session variable, and for the second one it creates an environment variable, so I guess it use getenv to call it.

And you could decide to not create a variable and put it straight in it.

Sudo php -r "system('/bin/bash');"