Thursday, 31 October 2013

LFI vulnerability + image upload form? You got Remote Code Execution!

An easy RCE when you find a LFI vulnerability and are able to upload images/any other file to the website.

Wednesday, 23 October 2013

[Release!] Backcat - Back-connect Utility [*nix]

[+] Outline:
A simple utility for making life easier when back-connecting from a foreign host where firewall rules are not known.  Run a copy locally specifying a port range to listen on (optionally specify another program to handle the connection). And on the server run a copy specifying the port destination range to try and 'brute-force' (optionally specify a local port range to bind to instead of taking the first available / and optionally specify a program to pass the connection to, e.g. "/bin/sh -i").