Plz Help Oopsie - Reverse Shell

HTB Content Machines
, , ,
1

SOLVED:
Hi, please can anyone help me.
in burp - intercept: made attack “POST /cdn-cgi/login/admin.php?content=uploads&action=upload” to upload php-reverse-shell.php file with my IP/PORT.
When run this obtein a message the file was upload.

Then run command “curl http://10.10.10.28/uploads/php-reverse-shell.php” this said:

The requested URL was not found on this server.

what do you said is my fail?
Tks a lot!

SOLUTION:
In upload page “NEED” Brand NAME, i use the same of admin user in branding section page.

2

Did you verify that YOUR IP and Port are correct inside the php-reverse-shell.php?

3

In upload page “NEED” Brand NAME, i use the same of admin user in branding section page.

This stil didnt work for me. While searching directories using dirsearch too, ‘http:///uploads’ gives a 301 error , permanently moved. And ‘http:///uploads/’ gives 403 forbidden.

Curl is giving the same issue.

Have you figured this out??

Thanks,
r0vi

4

I have the same proble as @r0vi here.

No way to access my uploaded shell.php in 10.10.10.28/uploads/shell.php directory. I got a 404 not found.
The directory listing in 10.10.10.28/uploads/ gives me a 403 forbidden.

5

Type your comment> @r0vi said:

In upload page “NEED” Brand NAME, i use the same of admin user in branding section page.

This stil didnt work for me. While searching directories using dirsearch too, ‘http:///uploads’ gives a 301 error , permanently moved. And ‘http:///uploads/’ gives 403 forbidden.

Curl is giving the same issue.

Have you figured this out??

Thanks,
r0vi

@r0vi @MrNonoss ,
did you make forward progress on this I am stuck in the same spot…,

6

yep, same problem