Shelo Posted February 19, 2014 Report Share Posted February 19, 2014 (edited) Trebuie sa exploatati un script php. 1) Determinati ce vulnerabilitate are2) Exploatati vulnerabilitatea3) Urcati shell si puneti-va numele pe index !Target: http://188.212.103.11/Raspunsul se da pe privat .Cei care au rezolvat ! - yo20063 - danyweb09 - Roby4kill - florin_darck - askwrite Rezolvare:# paramentru infectat este "RCE" Remote Code Execution# Encriptia care ati gasito voi in comentarii era Korex [url=http://crypo.in.ua/tools/eng_korex-3s.php]Aici[/url] se poate decripta !# Dupa decriptarea mesajului aveati urmatorul rezultat "rst.php?=" Acesta este parametru.# Executati comanda "echo nume" si gata.# Ca sa urcati shell trebuia sa gasiti un fisier fara permisiuni si folosindu-va de functii PHP urcati shelul in fisier txt transformand acest RCE in RFI.ScriptScriptul folosit de mine este foarte simplu .echo system($_GET['rst']);?><html><body><center><h1><b>Exploateaza acest script</b></h1></center><!-- ? ? ? ? ? ? ? ? ? ?HIT: Un korean criptograf a fost foarte inteligent. --><?phpMultumiriMultumesc tuturor care au facut acest challange. Nivelul a fost mediu-hard.# yo20063# danyweb09# Roby4kill# florin_darck# askwrite Topic InchisAcest topic a fost inchis , orice replay sau PM nu este luat in considerare ! Edited February 19, 2014 by Shelo Quote Link to comment Share on other sites More sharing options...
bobtoms Posted February 19, 2014 Report Share Posted February 19, 2014 I pm'd u solution. Quote Link to comment Share on other sites More sharing options...
Shelo Posted February 19, 2014 Author Report Share Posted February 19, 2014 I pm'd u solution.Nu vad ca ai reusit sa treci challange-ul. Quote Link to comment Share on other sites More sharing options...
yo20063 Posted February 19, 2014 Report Share Posted February 19, 2014 Quote Link to comment Share on other sites More sharing options...
Bit-ul Posted February 19, 2014 Report Share Posted February 19, 2014 Oops! Google Chrome could not connect to 188.212.103.11 Quote Link to comment Share on other sites More sharing options...
florin_darck Posted February 19, 2014 Report Share Posted February 19, 2014 (edited) pwdMomentan nu reusesc sa ii dau de cap cu shell-ul.. Edited February 19, 2014 by florin_darck Quote Link to comment Share on other sites More sharing options...
Active Members dancezar Posted February 19, 2014 Active Members Report Share Posted February 19, 2014 Quote Link to comment Share on other sites More sharing options...
Shelo Posted February 19, 2014 Author Report Share Posted February 19, 2014 pwdMomentan nu reusesc sa ii dau de cap cu shell-ul..Lasa-mi pm cu rezolvarea este ok si asa. Quote Link to comment Share on other sites More sharing options...