Jump to content
  • 0
Sign in to follow this  
Followers 0
noyse

command esecution

Asked by noyse

Question

noyse    0

noyse
Posted

We have see how to listing dir or cat /etc/** , but we will able to wget a webshell? we first look at permission?

Share this post

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0

Vincent    198

Vincent
Posted

Yes, you can look and see what folders are writable.

You can run a command like:

find / -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \;

This will identify any world writable folders.

In the demo it was easy because the username was the default www usernames, so it was easy to identify that the html folder would be writable. 

You could also encode a webshell and upload it through the address bar, if you wanted to get really creative. 

Share this post

Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Sign in to follow this  
Followers 0
Go To Question Listing Stepping Through Our first Web App Penetration Test
×