Osirys Profile picture
24 Nov, 5 tweets, 2 min read
1/ Thread about file upload exploitation
You have a file upload resource where you managed to upload arbitrary files, but failed to find where they ended up, and you think "there go my chances of #RCE". Hold your breath, you might still get it:
2/ At this point you don't know - if ever - where the file might potentially get executed; it could be on a different server than the original web app, with a different tech stack.
Approach:
1. Make sure you have a sniffer always running on a VPS of yours ->
3/
2. Create at least 3 shells: one in PHP, one in JSP, one in C#.
3. In the payload, get the shell to execute a bunch of commands for both Windows and Linux, like: whoami, uname, pwd.
4. Code the shell to use at least 3 different ways to send outgoing HTTP requests ->
4/
to send the results of the commands to your VPS where you have the sniffer running.
5. Upload all 3 shells and wait.

At a later time, an admin, a backend user, even an internal script or program might actually execute your shell. When that happens you'll know, as you'll ->
5/
receive the hit on your VPS and obtain the output of the commands your payload executed.
Your failed initial exploit will have turned into a blind OOB RCE.
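Seen from the defending side, the thread's point is that an uploaded file whose storage location and execution context nobody can see may still be executed later by some other server, user or script. The control that removes that risk is to never let the client-supplied name or type decide anything about storage, and to reject anything any server in the chain might execute. The following is an added example, not code from the thread or its author: a Python upload check for a hypothetical image-upload endpoint, plus a sweep of an existing upload store. The extension sets, magic bytes and sample filenames are constructed for the example.

```python
import os
import secrets

# Extensions a web or application server might execute if the file lands
# under a served path. Covers the three shell languages the thread names
# (PHP, JSP, C#/ASP.NET) plus common variants; extend it for your own stack.
SERVER_EXECUTABLE = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar",
    "jsp", "jspx", "jsw", "jsv",
    "asp", "aspx", "ashx", "asmx", "cshtml",
    "cgi", "pl", "py", "sh",
}

# Allowlist for a hypothetical image-upload endpoint (assumption made for the
# example): final extension -> magic bytes the body must start with.
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def extension_segments(filename):
    """All dot-separated segments after the first, lower-cased, so a double
    extension stays visible: 'shell.php.jpg' -> ['php', 'jpg']."""
    base = os.path.basename(filename.replace("\\", "/"))
    return [p.lower() for p in base.split(".")[1:]]


def validate_upload(filename, content):
    """Return a random server-chosen storage name, or raise UploadRejected.

    Checks, in order: no null byte in the name, an extension is present, no
    segment is server-executable (catches 'x.php.jpg' and 'x.jpg.php'), the
    final extension is allowlisted, and the body carries that type's magic.
    """
    if "\x00" in filename:
        raise UploadRejected("null byte in filename")
    segs = extension_segments(filename)
    if not segs:
        raise UploadRejected("no extension")
    if any(s in SERVER_EXECUTABLE for s in segs):
        raise UploadRejected("server-executable extension in %r" % filename)
    ext = segs[-1]
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowlisted: %s" % ext)
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("body does not match claimed type %s" % ext)
    # The client name decides nothing about storage; only the vetted
    # extension survives, attached to a random, unguessable name.
    return "%s.%s" % (secrets.token_hex(16), ext)


def decide(filename, content):
    """Convenience wrapper: (True, storage_name) or (False, reason)."""
    try:
        return True, validate_upload(filename, content)
    except UploadRejected as exc:
        return False, str(exc)


def audit_store(names):
    """Defender-side sweep of an existing upload store: return every stored
    name whose extension chain contains a server-executable extension."""
    return [n for n in names
            if any(s in SERVER_EXECUTABLE for s in extension_segments(n))]


if __name__ == "__main__":
    # Constructed sample uploads for the demo.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name in ("cat.png", "shell.php", "shell.php.jpg", "shell.jpg.php",
                 "shell.php\x00.jpg", "report.pdf", "cat.gif"):
        print("%-20r -> %s" % (name, decide(name, png)))
    print(audit_store(["a1b2.png", "legacy/x.jsp", "y.jpg.phtml", "z.gif"]))
```

The returned storage name should be written outside any served document root and handed back through a download handler that sets a fixed Content-Type, so that even a file that slips past the checks is never interpreted by the web server or by a second backend with a different stack. The callbacks the thread relies on are also the detection opportunity: an application or batch server that suddenly makes outbound HTTP requests to an address it has never contacted is the signal to alert on.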
