R57, Shell, c99, Safe, b374k shell,Shell.rar, c99.php, sadrazam shell, r00t shell, sadrazam.rar, R57.php, Safe0ver Bypass Shell.rar, exploit, arabic shell. Through this article I would like to share file uploading using different type web shell scripts on a web server and try to get unauthorized access in the server. Web shells are the scripts that are coded in different languages like PHP, Python, ASP, Perl and many other languages which further use as backdoor for unauthorized access in any server by uploading it on a web server. Once the shell get uploaded on the target location, the attacker may able to perform the read and write operation directly, he will be able to edit any file or delete the file from the server. Attacker: Kali Linux Target: Bwapp Let’s begin!!! B374k Shell Open terminal and type following command to download b374k script from github. Php - f index. How to dunk in 2k 14. Php -- - o shell. Php - p raj123 Now let’s open the target IP in browser: 192.168.1.103:81/bWAPP/login.php. Enter user and password as bee and bug respectively. Set security level low, from list box chooses your bug select Unrestricted File Upload now and click on hack. Here you can see the web server allow us to upload an image under the web page of unrestricted file upload. Click on browse to upload the shell.php in the web server and then click on upload. Amd athlon ii dual-core m300 drivers download 32&64 bit version. Now you can read the message from the screenshot that ”image has been uploaded here” which means our php backdoor is uploaded successfully. Now click on the link “ here”. Here required password to execute shell.php and I had given raj123 as its password. From given screenshot you can see, we are inside the directory of images. Click on terminal tab from menu bar of b374k which will provide victims terminal to execute the desired commands. From given image you can read the command which I have executed. Lsb_release - a Now I will connect b347k shell from netcat and try to access victim’s shell. Open the terminal in kali Linux and type following command for netcat. Nc 192.168.0.103 8888 Inside shell b347k from menu select network option to open bind connection give IP of target: 192.168.0.103 as server IP and port 8888 now scroll down the list and select Perl then click on run. This will give you reverse connection on netcat and from the given screenshot you can read the victim information which I have got when I execute the following commands. Whoami cat/etc/passwd C99shell Shell Download c99shell from the given link C99shell is a PHP backdoor which provides details of files and folders when it get uploaded and let you perform command execution through it. This time again open web server IP in the browser to upload the c99shell.php Here you can read the message from the screenshot that ”image has been uploaded here” which means our php backdoor is uploaded successfully. Now click on the link “ here”. Here our php malicious file is executed where it is dumping the names of 25 files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |