Follow:

Latest articles in ‘Php’

  1. 'Pentest' topic logo

    wwwolf’s PHP webshell user’s guide

    Published: Sat 02 December 2017 in Projects.
    wwwolf’s PHP webshell is a PHP web shell striving to abide by the KISS principle. Discover its features and how to use webshells in general.

    Web shells are backdoors relying on server-side scripting languages to be executed by the targeted server and usually accessed through a browser. While focused on wwwolf’s PHP webshell features, some part of this post are general and can be applied to other other webshells as well.

    While some web shells attempt to provide the most complete post-exploitation frameworkas possible, and are therefore heavy and prone to bugs and incompatibilities, wwwolf’s PHP webshell considers the web shell as a transitional step in taking over a server.

    wwwolf’s PHP webshell focuses on the functionalities necessary to do:

    • Local enumeration to discover the target’s environment and choose your next step.
    • Payloads and toolkits files transfer and execution, to proceed with your next step.

    It tries its best to:

    • Be unobtrusive, with a simple yet efficient interface.
    • Be reliable, being as tolerant as possible regarding the target’s environment and …
    Continue
  2. 'Drupal' topic logo

    Drupageddon revisited: a new path from SQL injection to remote command execution (CVE-2014-3704)

    Published: Thu 16 November 2017 in Cookbook.
    Background explanations and a more efficient way to exploit Drupageddon, aka. CVE-2014-3704, Drupal SA-CORE-2014-005.

    Usually Drupal teams do a great job into ensuring a reasonable security level to their users. Most of the Drupal critical vulnerabilities come from community modules, modules which are hosted on a central place where the ones not conforming with Drupal security requirement get a specific red banner (“This module is unsupported due to a security issue the maintainer didn’t fix.”) and are tagged as abandoned.

    However, mistakes still happen, as Stefan Horst discovered in 2014 when he found out the Drupageddon vulnerability, also known as CVE-2014-3704 and Drupal SA-CORE-2014-005.

    I find this vulnerability quite interesting as it is an SQL injection vulnerability affecting Drupal core which relies on PDO for its database accesses which, in theory, should make it immune to such vulnerability.

    Moreover, we will see that Drupal’s features allow to extend this vulnerability way further than a simple SQL injection. We will …

    Continue
  3. 'Pentest' topic logo

    wwwolf’s PHP webshell is now available

    Published: Sat 21 January 2017 in Projects.
    Updated: Sat 02 December 2017 (Added the password feature + link to project page.)
    Discover wwwolf's PHP webshell, a lightweight off-road PHP web shell!

    I frequently encountered issues when using other web shells:

    • They use new PHP syntax features not compatible with the old PHP version running on some targets.
    • They make wrong assumption on the remote URL, breaking PHP code injection or GET parameters (un)expected by the server.
    • They often only display standard output content, throwing away stderr.
    • They poorly handle special characters in output display (such as <).
    • They do not allow file upload, or offer a method unsupported/blocked by the target’s settings.
    • They require manual modification depending whether the target is running a UNIX-like or a Windows system.

    Here is my attempt to solve these issues. As opposed to some other solutions, this one does not even barely aim to become a “full-featured post-exploitation framework”. It’s only goal is to provide a stable and reliable way to get a foot in the door on the target by …

    Continue

Popular tags see all

Website

Author

Follow