Smplshllctrlr is a PHP Command Injection exploitation tool so
for demo we will be using DVWA (Damn
Vulnerable Web App).
1.) Exploit web page and upload
simple-shell.php (or simply find an existing exploitable command injection).
2.) Execute the controller to exploit the command injection
vulnerability. The controller is simply a command injection exploitation tool,
and can therefore with a few adjustments be rewritten to exploit already
existing vulnerabilities without the need for uploading the 'simple-shell.php'.
Here we will be exploiting the File
Uploading vulnerability in DVWA by uploading a custom shell and executing it.
First clone the github repo with command:
And now give the script permission to
execute by entering in the cloned folder and executing command:
chmod
+x simple-shell-controller.py
Now open up DVWA in your
browser and open up the upload vulnerability
tab from where we will upload our reverse shell named simple-shell.php to gain a reverse shell.
Now click on Browse
button and select the simple-shell.php
present in the cloned folder of smplshllctrl .
Now click on upload to upload the shell to server.
After uploading the shell it will tell us
the path of the uploaded shell as ../../hackable/uploads/simple-shell.php.
Now run the following command:
python
simple-shell-controller.py --url “http://192.168.222.1/dvwa/hackable/uploads/simple-shell.php”
As you can see it has successfully returned
a command shell.
Here --url
is the url of uploaded shell in the previous step.
