PHP Web Shells

I’m stuck in the phpwebshell module, i cant go on at the answear
"Use what you learned from the module to gain a web shell. What is the file name of the gif in the /images/vendor directory on the target? (Format: xxxx.gif) ".
I follow all the steps described by the module, but I can’t load the webshell on the site, the steps I take are these
-I download the web shell

  • I unzip it and see the ‘webshell’ file
    -now I go to the IP address that htb generated for me
  • I enter with my credentials
    -go devices->vendor
    -I open burpsuite and go to the proxy section
    -I open the browser settings and in the proxy section I set with port 8080
    -I go to the web and add new
    -I enter the credentials and using the browse button I find the .php file
    -I save,
    This is where the problems begin:
    1, the page loads endlessly
    2, burpsuite seems to have done its job but the web page never stops loading,
    I don’t understand what the problem is, can someone tell me where I went wrong and what? can you give me some suggestions?

To be clear: Have you executed the transactions with the browser within burpsuite? After forwarding all your requests, you just need to upload the webshell and modify the Content Type of your web request in burpsuite as stated in the docs.

Hi, I have a problem with Burpsuite, how can I load the web shell without paying for the pro version?

Looks like you did not click on Forward in Burpsuit, twice.

I’m stuck as well. I have been able to upload the php file and got the “Added new vendor NetVen to Database” message.
But when I go to https://target IP/images/vendor/connect.php, I get 404 Not Found.

because it is not vulnerable that way. I tried tha too.
Check the hint for quest’n and go for /manage page vulnerability.

Finally figured it out. I should’ve known not to follow the lesson verbatim.

Please, I need to help.

Did you figure it out already?

No, I not. Now I am studying another module (Password Attack), because I don’t found a method for solve that section

Follow the steps in the lesson to craft and upload your payload. Once done, visit
https://target IP/images/vendor/name of payload.php
Hope this helps

1 Like

Hi! I’m a little lost in this exercise. What credentials did you use to enter rConfig? HTB use to give us creds like: user “htb-student” and password “HTB_@cademy_stdnt!”