HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 32 guests and 2 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Advice needed
EH-Net
May 23, 2013, 05:44:39 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Advice needed  (Read 2406 times)
0 Members and 1 Guest are viewing this topic.
millwalll
Guest
« on: August 24, 2011, 12:22:32 PM »
Hi all,

I am messing with another web app and they have a browse button that allows me to upload any files. So I am thinking of uploading a file that allows me to get shell access to them try and get root from this.

My programming skills are a bit shocking and not sure where to start. any help pointers or advice ?

This again is for a testing rig so all Ethical
Logged
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #1 on: August 24, 2011, 12:27:52 PM »
Check out http://luctus.es/wp-content/uploads/2010/04/Webshells.pdf for some good options here.
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
millwalll
Guest
« Reply #2 on: August 24, 2011, 12:39:10 PM »
thanks will do Tongue
Logged
cd1zz
Hero Member
*****
Offline Offline

Posts: 561


View Profile WWW
« Reply #3 on: August 24, 2011, 03:23:47 PM »
Check out meterpreter. There are ways to turn the payload into asp and php....
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #4 on: August 24, 2011, 04:07:34 PM »
PHP Reverse Shell:
http://pentestmonkey.net/tools/web-shells/php-reverse-shell

(In case it's a PHP application, fyi it won't work on most Windows installations, but should work fine on Linux.)
Logged
I'm an InterN0T'er
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.048 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.