I’m not really sure how to trigger the payload. Navigating directly to shell-files only downloads them from the https site. I believe I should be using ["shell"."win-based-web-extension"] but I’m not 100% sure, or maybe I should try using something like *WhiteWolf
If there’s an “access-uploads” directory on one of the landing pages then I haven’t found it. Any suggestions?
Shells aren’t under the “root” of the http page either, and with dir-forcing I haven’t found anything. I can see that ftp uploads are connected by the page but that’s it. I don’t think they’re connected to XAMPP.
Read the documentation, which you can access in the dashboard; there is valuable info on where you can possibly upload/write something, which needs to be Windows-oriented, and maybe revisit the SQL section in the course.
You need to think about the concept where, for example, the dashboard and other web sites are located on the C:\ drive; the info on where they are located is in the documentation, which you can access from the dashboard on the web. There you should find the location where to upload the shell.
I’ve been trying to look for that info… in the SQL databases, the page source… I can’t access the ftp server… I’ve been searching on Google for where that page is supposed to be stored but I can’t find anything…
Sorry man but… how do I “find the location where to upload my shell”? I’m looking into the module section and they give you a command that I run, but it obviously gives me an error… I read the link of the “MariaDB Select into file” but I don’t understand how to use it… I tried some of the commands in the link but no luck… I also tried to log in through FTP but it always asks me for root’s password…
I got to the point where I was able to get the brute force and get the user, the password, get into FTP, figure out where to upload, do the select into outfile method for Windows, but couldn’t figure it out from there. For anyone who was lost and needs to upgrade to a meterpreter session to make their life easy, this was really helpful: Web Shell – OutRunSec