This topic contains 1 reply, has 2 voices, and was last updated by Tompazi 1 month, 1 week ago.
- July 7, 2020 at 4:16 pm #279620
There was an SNMP manager web application on a box I was attacking the other day. That application had a page to ping routers, which was vulnerable to command injection. However, something was preventing reverse shells from working. I could upload files, but couldn’t get any callback. What are some other things I could look for, if I come across this problem again? I tried looking around for passwords, but I ended up not finding anything.
- July 7, 2020 at 4:16 pm #279621
Stay in the webshell. You can easily turn a web shell into a pseudo-interactive shell. And even a fully interactive shell if the server has screen or tmux installed (or you can upload those programs).
- July 7, 2020 at 4:16 pm #279622
Just move protocol – have the shell call back over ICMP or DNS
You must be logged in to reply to this topic.