phil/CTF_CheatSheet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleaned up the php shell

Browse Source
This commit is contained in:
Phil 2021-12-24 14:04:08 +00:00
parent 987e5109f0
commit b5d9ca42cd
1 changed files with 15 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
README.md
View File

@ -21,14 +21,6 @@
* Gobuster
* Backup File Artifacts Checker
* Web Vulnerabilities
* Repository Github
* Burp
* Web Checklist
* Nikto
* Payment functionality
#### Nmap
@ -76,6 +68,7 @@ masscan IP -p 1-65535 --rate 100 -oX masscan.xml
| -p | Ports to scan, E.g. -p80,8000-8100 |
| --rate= | Rate of Packets-per-Second, E,g --rate=10000 = 10kpps (Too High can cause a Jam) |
| --banners | -oB <filename>: save results of scan in binary format to <filename> |
| -oX <savefile> | save them as xml in <savefile>|
| --open --banners --readscan <filename> -oX <savefile> | read binary scan results in <filename> and save them as xml in <savefile> |
| --nmap | Options Compatable with Nmap|
@ -159,41 +152,21 @@ netdiscover -i <INTERFACE>
## Stage 2 - Foothold
### Attacking - Reverse Shells
#### PHP Reverse Shell
### Attacking - Web Reverse Shells
Kali / Parrot OS
```
cd /usr/share/webshells/
```
#### PentestMonkey PHP Reverse Shell
* php-reverse-shell - A Reverse Shell implementation in PHP
* Copyright (C) 2007 pentestmonkey@pentestmonkey.net
```
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. The author accepts no liability
// for damage caused by this tool. If these terms are not acceptable to you, then
// do not use this tool.
//
// In all other respects the GPL version 2 applies:
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. If these terms are not acceptable to
// you, then do not use this tool.
//
// You are encouraged to send comments, improvements or suggestions to
// me at pentestmonkey@pentestmonkey.net
//
// Description
// -----------
@ -433,9 +406,9 @@ export TERM=xterm
* Linux Tools
| | Command|
|---|--------|
| SUID | find / -type f -user root -perm -4000 2>/dev/null |
| Command| Discription |
|--------|-------------|
| find / -type f -user root -perm -4000 2>/dev/null | Find SUID Files |