Oopsie - Reverse Shell not working

edited April 6 in Machines

I'm on the Oopsie machine, in the Starting Point. I uploaded the PHP reverse shell that's on Kali in /usr/share/webshells/php/ and changed the IP to my own IP on the network and changed the port to 9005, the one I'm listening to on Netcat. When I use the curl command: "curl http://10.10.10.28/uploads/test.php" shown in the walkthrough, it returns a 404 page in HTML code and nothing is returned in the netcat listener. It's supposed to open a shell.
Any thoughts?

Comments

  • Did you put anything in the brand name portion of the upload and curl the correct url?

  • edited April 7
    > @MrBear said:
    > Did you put anything in the brand name portion of the upload and curl the correct url?

    That was the exact problem. I didn't put anything in the brand name. Didn't see it the first time. Thanks a lot, I appreciate it.
  • edited April 8

    In a terminal run "nc -lvnp 9005" before you curl the reverse shell PHP file.

  • For me the curl command will run for a few seconds before coming up with the error: "Connection timed out (110)"

    In the PHP file I've set the $ip to what was given by openvpn and I've changed $port to the port number listening on netcat. I've closed out of the browser and ran through it all again and I keep getting the same message: Connection timed out (110)

  • I'm having issues with this reverse shell too. I have changed the IP address within the script to my tun0 address and changed the port to 22. I upload it and I have included a brand name, but I get an error that says it "failed to daemonise. This is not fatal"; however, when I run nc -lvnp -22 the shell does not start?

  • Should have added that I ran curl as follows:

    curl http://10.10.10.28/uploads/php-reverse-shell.php

  • edited April 24

    > @quinnlaup said:
    > Should have added that I ran curl as follows:
    >
    > curl http://10.10.10.28/uploads/php-reverse-shell.php

    Why would you change it to port 22? Try a higher, more random port. 22 is a well-known port for SSH, and you're not really SSH'ing into the box. You're just having a connection made over a port you specify, in this case 22, which might confuse your local machine and the target machine.

    Try changing the port to its default 1234. Make sure to netcat on 1234 as well.

    TheBrick

  • Thanks for your suggestion. I've tried using the default port and I still could not get a shell. Eventually I tried renaming the PHP script and managed to get the shell. Not sure why this worked but I'll take it!

  • @pelmic93 If you're following the Starting Point tutorials, the likelihood is that you haven't opened a hole in your firewall to allow the server to open the reverse shell. Try something like
    sudo ufw allow in from 10.10.10.28 to any port 1234

  • > @thebeast353 said:
    > > @MrBear said:
    > > Did you put anything in the brand name portion of the upload and curl the correct url?
    >
    > That was the exact problem. I didn't put anything in the brand name. Didn't see it the first time. Thanks a lot, I appreciate it.

    Same for me, but now figuring out the shell upgradation process. Thank you!
