Type your comment> @SPARTANone17 said:
Type your comment> @dewest91 said:
Type your comment> @SPARTANone17 said:
Ok so here is one Interesting thing i got … I was able to spawn a web shell using the Following steps –
.
.
1.i was able to login as admin through the page
2.then i started the metasploit scanned and navigated the whole System for like 3-4 Days
3.then i started googling again and found out something about GetSimple cms 3.1.15 Vulnerablity that is in theme-editor
4. I visited the theme editor and tried to edit the php files there and was able to spawn a webshell using the One liner - <,?,p,h,p, e,c,h,o, s,h,e,l,l,_e,x,e,c,($_GET[‘e’].’ 2>&1’); ?>
(remove the ,(commas) I had to use them or the forum was glitching)
5.then i tried the sudo -l command and it worked …(remember to url-encode spaces to run commands)
this is my progress until now…Thanks, following your steps led me to the initial shell. From here though, i had to get a true reverse shell to exploit a certain binary that sudo can run on. Gtfobins led the way for me afterwards!
How were you able to get a true REVERSE SHELL!!! i tried like 50 times till now and still i am not able to spawn a true shell i know afterwards that i have to exploit the php vulnerablity using the gtfobins but how ? please help…
I uploaded a php web shell on the theme editor page, then setup a listener on my local machine, and used a php reverse shell one liner.