In this post, you will learn how to test Drupal CMS for critical security vulnerabilities that can cause great damage to a website if present on a web server. You will also see how a misconfigured web application can be easily exploited.
Remote Code Execution: Remote Code Evaluation is a vulnerability that occurs because of unsafe handling of input by the server application. It can be exploited when user input is injected into a file or a string and executed by the programming language's parser, or when user input is not sanitised properly in POST requests or in query string parameters accepted during GET requests.
A Remote Code Evaluation can therefore lead to a full compromise of the vulnerable web application and also the web server.
Let’s Begin!!
Drupal is accessible through a web browser at the following URL:
This opens the default home page. To access the dashboard you must have credentials for login.
So, to access the user console, I used the following creds.
Username:raj
Password:123
After accessing the admin console, it was time to exploit the web application by injecting malicious content inside it. Directly writing malicious scripts as web content will not give us the reverse shell of the application, but after spending some time, we concluded that it requires the PHP module. We therefore moved to install a new module through Manage > Extend > List > Install new module.
You can download the PHP package for Drupal from the URL below and upload the tar file to install the new module.
https://www.drupal.org/project/php
To install the PHP module, upload the tar file that was downloaded.
When the installation is completed, we need to enable the added module.
Again, move to Manage > Extend > filters and enable the checkbox for PHP filters.
Now inject the Pentest monkey PHP script, i.e. “reverse shell backdoor.php”, as basic content. Don’t forget to add a “listening IP & port” to get a reverse connection. Then change the “text format to PHP” and enable the publishing checkbox. Keep the netcat listener on in order to receive the incoming shell.
When everything is set accordingly, click the preview button and you’ll get the reverse connection over netcat.
Hence, we got the reverse connection of the host machine.
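
A defender's view of the steps above, as an added example that is not part of the original post: the script scans a web server access log for a single client that uploads a module, submits the module list and then creates a node, all within one hour. The admin paths are assumed Drupal 8 defaults, and the log lines are constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Ordered POST targets for the steps in this post. Paths are assumed
# Drupal 8 defaults: module upload, module list submit, node creation.
STAGES = [
    re.compile(r"^/admin/modules/install(\?|$)"),
    re.compile(r"^/admin/modules(\?|$)"),
    re.compile(r"^/node/add/[\w-]+(\?|$)"),
]
# Common/combined log format: ip, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log (documentation IP ranges), not from a real host.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2019:10:00:01 +0000] "POST /user/login HTTP/1.1" 303 512',
    '192.0.2.10 - - [12/Mar/2019:10:02:10 +0000] "POST /admin/modules/install HTTP/1.1" 303 480',
    '198.51.100.7 - - [12/Mar/2019:10:03:00 +0000] "POST /node/add/article HTTP/1.1" 303 700',
    '192.0.2.10 - - [12/Mar/2019:10:04:30 +0000] "POST /admin/modules HTTP/1.1" 303 450',
    '192.0.2.10 - - [12/Mar/2019:10:07:45 +0000] "POST /node/add/page HTTP/1.1" 303 690',
]

def detect(lines, window=timedelta(hours=1)):
    """Return (ip, first_ts, last_ts) for each client that completes
    all stages in order within the window."""
    progress = {}  # ip -> (index of next expected stage, time of stage 0)
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, raw_ts, method, path, status = m.groups()
        if method != "POST" or status[0] not in "23":
            continue  # only successful form submissions count
        ts = datetime.strptime(raw_ts, "%d/%b/%Y:%H:%M:%S %z")
        idx, start = progress.get(ip, (0, None))
        if idx and ts - start > window:
            idx, start = 0, None  # sequence went stale, start over
        if STAGES[idx].match(path):
            start = start or ts
            idx += 1
            if idx == len(STAGES):
                alerts.append((ip, start, ts))
                idx, start = 0, None
        progress[ip] = (idx, start)
    return alerts

if __name__ == "__main__":
    for ip, first, last in detect(SAMPLE):
        print(f"ALERT {ip}: module upload to node creation in {last - first}")
```

An alert here is a lead for review, since a legitimate administrator can produce the same sequence; it is most useful on sites where the PHP module is never expected to be installed.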