How to setup a PHP file dropper without tools

After we have compromised a machine inside a network, we need to download tools for lateral movement, local exploits to escalate privileges, etc. Knowing how to setup a file dropper is crucial.

When I was doing the OSCP 24-hour exam but also when doing the training in the labs, that was very useful as I could easily download any payload, Trojan or implant from my kali machine to the target machine:

How to setup a PHP file dropper with one liner

For a more “heavy” tool but much more powerful have a look to this one: https://github.com/kgretzky/pwndrop

For more hints about post exploitation, check post-exploitation post here:

Learn Pentesting like a Pro
🥷 The Art of Pentesting: Post-exploitation like an APT
Linux Post-exploitation Check wrong permissions: Find setuid binaries: find / -perm -4000 -ls 2> /dev/null Find files world writable: find / -path /sys -prune -o -path /proc -prune -o -type f -perm -o=w -ls 2> /dev/null Find directories world writable…
Read more

Thanks for reading Learn Pentesting like a Pro! Subscribe for free to receive new posts.


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *