Some useful commands such as w, uname -a, id and pwd are run automatically for you:

Connect to from (UNKNOWN) 58012

If all went well, the web server should have thrown back a shell to your netcat listener.

Run the script simply by browsing to the newly uploaded file in your web browser (NB: You won't see any output on the web page, it'll just hang if successful):

Using whatever vulnerability you've discovered in the website, upload php-reverse-shell.php.

Use the same port here as you specified in the script (1234 in this example):

Start a TCP listener on a host and port that will be accessible by the web server.

Edit the following lines of php-reverse-shell.php:

To prevent someone else from abusing your backdoor – a nightmare scenario while pentesting – you need to modify the source code to indicate where you want the reverse shell thrown back to.

A PHP Reverse_shell Payload - use it at your own risk! This isn't made by me, it's made by pentestmonkey!

port 1234 // CHANGE THIS

Get Ready to catch the reverse shell

Start a TCP listener on a host and port that will be accessible by the web server.

USAGE: change the IP and port in the windows-php-reverse-shell.php file, upload, set up a listener on your machine, access the windows-php-reverse-shell.php file on the server.