Sorry this is going to be a few questions in one but to start I figured out how to use Burp suite but only when using the “Open Browser” button. It does not work with Firefox. Is that a bug or a feature? Second, I think I follow all the directions. I download WhiteWinterWolf’s PHP Web Shell from the link provided but it comes with LICENSE, READEME.md, passhash.sh, screenshot.png, and webshell.php. I assume I am only supposed to use webshell.php. After downloading I login and go to the Vendors page. I click add Vendor make my Vendor Name “Apples”. Choose file “webshell.php”. Turn on Burp Suite Intercept. Hit save. On line 29 I change “Content-Type: application/x-php” to “Content-Type: image/gif” . Hit forward twice. Turn off intercept.
I get a picture like this
.
Then I try to go to the /images/vendor/connect.php and it says this
.
So what am I doing wrong?
Thanks for the help in advance!
Hey past me, its future me. Obviously you cant find the image connect.php because you didn’t name your php file that. Good try though and your def gonna improve. Future you knows it.
Guys I am in need of help, I used burp the way it was described in the module, I ensured that the PHP file was uploaded as evident by the broken image pic next to the name of the file. No matter what I do everytime I navigate to /images/vendor/name_of_my_file.php, it hangs
Hi Deathfreeze,
Hopefully you figured out the issue but if not I’ll try to give my best explanation. The first text input is just an arbitrary name for identification, it doesn’t really matter. The second input you should have selected your malicious web shell .php file. The name of that file (i.e. wwwolf_webshell.php) is the url you should browse to, not the arbitrary vendor name (i.e. baba).
Hope this makes it more clear.
Thanks a lot for the response, this was on point.
Good Day please can you kindly explain how to solve this have been on it done everything use my file name.php same url error
