.

Advice needed

<<

millwalll

Post Wed Aug 24, 2011 12:22 pm

Advice needed

Hi all,

I am messing with another web app and they have a browse button that allows me to upload any files. So I am thinking of uploading a file that allows me to get shell access to them try and get root from this.

My programming skills are a bit shocking and not sure where to start. any help pointers or advice ?

This again is for a testing rig so all Ethical
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Wed Aug 24, 2011 12:27 pm

Re: Advice needed

Check out http://luctus.es/wp-content/uploads/201 ... shells.pdf for some good options here.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

millwalll

Post Wed Aug 24, 2011 12:39 pm

Re: Advice needed

thanks will do :P
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Wed Aug 24, 2011 3:23 pm

Re: Advice needed

Check out meterpreter. There are ways to turn the payload into asp and php....
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Aug 24, 2011 4:07 pm

Re: Advice needed

PHP Reverse Shell:
http://pentestmonkey.net/tools/web-shel ... erse-shell

(In case it's a PHP application, fyi it won't work on most Windows installations, but should work fine on Linux.)
I'm an InterN0T'er

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software