Loginβββββββ βββββββββββββββββββ ββββββββββββββ βββ
βββββββββββββββββββββββββββ ββββββββββββββ βββ
βββ βββββββββ ββββββββββββββββββββββ βββ βββ
βββ βββββββββ ββββββββββββββββββββββ βββ βββ
βββββββββββ βββββββββββ ββββββββββββββββββββββββββββ
βββββββ βββ βββββββββββ βββββββββββββββββββββββββββ
D3Ext's Forwarded Shell it's a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the fifos. You can even have a tty over a webshell.
In case you want a good webshell with code obfuscation, login panel and more functions you have this webshell (scripted by me), you can change the username and the password at the top of the file, it also have a little protection in case of beeing discovered because if the webshell is accessed from localhost it gives a 404 status code
To use other forwarded shells you have to edit the script to change the url and the parameter of the webshell, but DFShell use parameters to quickly pass the arguments to the script (-u/--url and -p/--parameter), the script have a pretty output with colors, you also have custom commands to upload and download files from the target, do port and host discovery, and it deletes the files created on the victim if you press Ctrl + C or simply exit from the shell.
*If you change the actual user from webshell (or anything get unstable) then execute: 'sh'*
Install with pip
pip3 install dfshellInstall from source
git clone https://github.com/D3Ext/DFShell
cd DFShell
pip3 install -r requirementsOne-liner
git clone https://github.com/D3Ext/DFShell && cd DFShell && pip3 install -r requirementsIt's simple, you pass the url of the webshell and the parameter that executes commands. I recommend you the most simple webshell
python3 DFShell.py -u http://10.10.10.10/webshell.php -p cmd
βββββββ βββββββββββββββββββ ββββββββββββββ βββ
βββββββββββββββββββββββββββ ββββββββββββββ βββ
βββ βββββββββ ββββββββββββββββββββββ βββ βββ
βββ βββββββββ ββββββββββββββββββββββ βββ βββ
βββββββββββ βββββββββββ ββββββββββββββββββββββββββββ
βββββββ βββ βββββββββββ βββββββββββββββββββββββββββ
D3Ext's Forwarded Shell it's a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the fifos. You can even have a tty over a webshell.
In case you want a good webshell with code obfuscation, login panel and more functions you have this webshell (scripted by me), you can change the username and the password at the top of the file, it also have a little protection in case of beeing discovered because if the webshell is accessed from localhost it gives a 404 status code
To use other forwarded shells you have to edit the script to change the url and the parameter of the webshell, but DFShell use parameters to quickly pass the arguments to the script (-u/--url and -p/--parameter), the script have a pretty output with colors, you also have custom commands to upload and download files from the target, do port and host discovery, and it deletes the files created on the victim if you press Ctrl + C or simply exit from the shell.
*If you change the actual user from webshell (or anything get unstable) then execute: 'sh'*
Install with pip
pip3 install dfshellInstall from source
git clone https://github.com/D3Ext/DFShell
cd DFShell
pip3 install -r requirementsOne-liner
git clone https://github.com/D3Ext/DFShell && cd DFShell && pip3 install -r requirementsIt's simple, you pass the url of the webshell and the parameter that executes commands. I recommend you the most simple webshell
python3 DFShell.py -u http://10.10.10.10/webshell.php -p cmd
Continue readingThe Binary Exploitation: Stack based Buffer overflow
Vulnhub Koptrix Level 1 (OSCP like machines) writeup is here for those looking to root this machine. CTFs are fun and great learning, today we are solving a very simple CTF called Koptrix Level 1, the machine can be downloaded from β This Link. As I saw the machine to be beginner level and part [β¦]
The post Vulnhub Koptrix 1 Writeup [OSCP Like machines] appeared first on Ethical Hacking Tutorials.
Last week I was working on retried HTB machine Optimum. Cool example for simple enumeration with attack using vulnerability for service (web file server), and then privilege escalation using local exploit for unpatched Windows 2012 server. It is example of real case scenario. Great to make
