Lololol arbitrary command injection, which command should i execute?

  1. #1
    Sophie Pedophile Tech Support
    So i was fucking around with some tools of mine and discovered several vulnerabilities on this one site. Including arbitrary command injection. I spawned a shell so now i have pseudo terminal going on. You may decide the fate of this server and tell me which command i should execute. I also found out the configuration of the server. Here's a pastebin with all the information.

    http://pastebin.com/cKM4fi3F

    This entire fucking website might as well be renamed to Pretty Damn Vulnerable Web App 2, because besides SQLi and OS command injection vulnerabilities they're also vulnerable to XSS. See the below link if it pleases you.

    http://www.northpeak.com.tw/viewnews...9%3C/scRipt%3E

    Here's a screenshot i took when command injection was successful, it's pretty nifty because you can also see the command that was injected and that it was able to spawn a shell.

  2. #2
    aldra JIDF Controlled Opposition
    I would cat the virtual hosts in the /etc/apache or /etc/nginx for the documentroot and mess around with the actual website

    something subtle, like embedded meatspin on the login failed page or something

    you could always go the classic rm -rf / though
  3. #3
    Sophie Pedophile Tech Support
    > I would cat the virtual hosts in the /etc/apache or /etc/nginx for the documentroot and mess around with the actual website
    >
    > something subtle, like embedded meatspin on the login failed page or something

    That's pretty hilarious. Maybe i should try that.

    > you could always go the classic rm -rf / though

    If all else fails i will, also, for times like these i wish i had some juicy Linux malware to upload for maintaining access. That should be possible right? Maybe i could generate a meterpreter with metasploit. Thoughts?
  4. #4
    aldra JIDF Controlled Opposition
    set yourself up with an ssh account?

    if you want to be sneaky, cat /etc/passwd, look for a system account with the shell set to /bin/false, set it to /bin/sh and reset the password... that way it won't be immediately obvious that a new user's been added, and the only way they'll notice is by actively monitoring the ssh logs and seeing activity on accounts that aren't supposed to have access


    alternatively you can bind netcat to a terminal and have it listen on a nonstandard port, but that runs the risk of getting fucked by NAT as well as someone noticing the port being open, or even some other chud finding it
  5. #5
    Sophie Pedophile Tech Support
    > set yourself up with an ssh account?
    >
    > if you want to be sneaky, cat /etc/passwd, look for a system account with the shell set to /bin/false, set it to /bin/sh and reset the password… that way it won't be immediately obvious that a new user's been added, and the only way they'll notice is by actively monitoring the ssh logs and seeing activity on accounts that aren't supposed to have access

    Excellent suggestion, i'm going to look into this before i do anything else.

    > alternatively you can bind netcat to a terminal and have it listen on a nonstandard port, but that runs the risk of getting fucked by NAT as well as someone noticing the port being open, or even some other chud finding it

    I'll keep this in mind as well, first i'm going to check if i can add an ssh account. Thanks bruh.
  6. #6
    Sophie Pedophile Tech Support
    Update: I had some trouble retrieving the command output. Maybe because the injection was time based? Anyway i tried to upload a file for file based half blind injection but i had no write permissions to /www/var. Hmm.
  7. #7
    SBTlauien African Astronaut
    > I would cat the virtual hosts in the /etc/apache or /etc/nginx for the documentroot and mess around with the actual website
    >
    > something subtle, like embedded meatspin on the login failed page or something
    >
    > you could always go the classic rm -rf / though

    Set it up to log usernames and passwords. Maybe create a page that looks like a required account update page, that asks for more info.
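
Post #4 observes that a re-enabled system account is only noticed by someone actively looking for it. The Python audit below is an added example, not part of the thread: it flags service accounts that have a login shell or a usable password and lists accepted sshd logins for such accounts. The passwd, shadow and auth-log samples are constructed, and `UID_MIN = 1000` is an assumed cutoff for human accounts.

```python
import re

# Constructed sample data; not taken from any real host.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""
SHADOW = """\
root:$6$constructed$hash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
backup:$6$constructed$hash:19850:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
"""
AUTH_LOG = """\
Mar  3 02:11:09 web1 sshd[4121]: Accepted password for backup from 203.0.113.5 port 51234 ssh2
Mar  3 09:00:41 web1 sshd[5002]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
"""
NOLOGIN = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
UID_MIN = 1000  # assumption: first human UID, as in a typical /etc/login.defs
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")

def rows(text):
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def system_accounts(passwd, uid_min=UID_MIN):
    """Map name -> shell for non-root accounts below uid_min."""
    return {r[0]: r[6] for r in rows(passwd) if len(r) >= 7 and 0 < int(r[2]) < uid_min}

def audit_accounts(passwd, shadow, uid_min=UID_MIN):
    """Flag service accounts that have a login shell or a usable password."""
    hashes = {r[0]: r[1] for r in rows(shadow) if len(r) > 1}
    findings = {}
    for name, shell in system_accounts(passwd, uid_min).items():
        reasons = []
        if shell not in NOLOGIN:
            reasons.append("login shell " + shell)
        pw = hashes.get(name, "*")
        if not pw.startswith(("!", "*")):  # "!"/"*" mean locked; empty means no password at all
            reasons.append("password login possible")
        if reasons:
            findings[name] = reasons
    return findings

def ssh_logins_by_system_accounts(auth_log, passwd, uid_min=UID_MIN):
    """Return (user, method, source) for accepted sshd logins on service accounts."""
    system = system_accounts(passwd, uid_min)
    hits = (ACCEPTED.search(line) for line in auth_log.splitlines())
    return [(m.group(2), m.group(1), m.group(3)) for m in hits if m and m.group(2) in system]
```

Some distributions ship service accounts with non-standard shells such as `/bin/sync`, so compare findings against a known-good baseline of the host before treating each one as a compromise.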