Plz Help Oopsie - Reverse Shell

edited April 2020 in Machines

SOLVED:
Hi, please can anyone help me.
in burp - intercept: made attack "POST /cdn-cgi/login/admin.php?content=uploads&action=upload" to upload php-reverse-shell.php file with my IP/PORT.
When run this obtein a message the file was upload.

Then run command "curl http://10.10.10.28/uploads/php-reverse-shell.php" this said:

The requested URL was not found on this server.

what do you said is my fail?
Tks a lot!

SOLUTION:
In upload page "NEED" Brand NAME, i use the same of admin user in branding section page.

Comments

  • Did you verify that YOUR IP and Port are correct inside the php-reverse-shell.php?

  • In upload page "NEED" Brand NAME, i use the same of admin user in branding section page.

    This stil didnt work for me. While searching directories using dirsearch too, 'http:///uploads' gives a 301 error , permanently moved. And 'http:///uploads/' gives 403 forbidden.

    Curl is giving the same issue.

    Have you figured this out??

    Thanks,
    r0vi

  • edited December 2020

    I have the same proble as @r0vi here.

    No way to access my uploaded shell.php in 10.10.10.28/uploads/shell.php directory. I got a 404 not found.
    The directory listing in 10.10.10.28/uploads/ gives me a 403 forbidden.

  • Type your comment> @r0vi said:

    In upload page "NEED" Brand NAME, i use the same of admin user in branding section page.

    This stil didnt work for me. While searching directories using dirsearch too, 'http:///uploads' gives a 301 error , permanently moved. And 'http:///uploads/' gives 403 forbidden.

    Curl is giving the same issue.

    Have you figured this out??

    Thanks,
    r0vi

    @r0vi @MrNonoss ,
    did you make forward progress on this I am stuck in the same spot..,

Sign In to comment.