Attack Vector
HTTP -> code injection -> web reverse shell (PowerShell) -> privilege escalation
Decision Tree
1) discovery: which ports are open?
– only port 80 is open
2) enumerate: input/output sanitization? third-party platform?
– check the website: does it run an open-source platform? any known vulnerabilities?
– inject test strings: are %00, {, |, . accepted unfiltered?
– can it execute a remote script?
3) manipulate the web page: any possible exploits?
– exploit-db: run the Python exploit code -> cmd shell (works)
– but is there a better way?
4) get a reverse shell: can we get a reverse web shell?
– manipulate the HTTP request with Burp
– spawn a PowerShell
5) privilege escalation: any misconfigurations or vulnerabilities?
– upload/execute a PowerShell script
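Defender-side check for step 2 of the tree above: the same characters the note probes for (%00, {, |, .) are what a web-server access log shows when someone is testing input handling. The script below is an added example, not part of the original note or of any tool it lists. It parses constructed Apache/nginx "combined"-style log lines, URL-decodes the request target twice (so double-encoded %2500 is not missed), flags the indicator set and counts flagged requests per client. The indicator names, regexes and log lines are this example's own assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Indicator set for the enumeration step of the note above: null byte, braces,
# pipe and dot-dot traversal. Names and regexes are this example's assumptions,
# not a signature set from the original page or any product.
INDICATORS = {
    "null_byte": re.compile(r"\x00"),
    "shell_pipe": re.compile(r"\|"),
    "template_brace": re.compile(r"[{}]"),
    "dot_traversal": re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)"),
}

# Apache/nginx "combined"-style request line:
#   1.2.3.4 - - [date] "GET /path HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_target(target):
    """Decode twice so a double-encoded %2500 (-> %00 -> NUL) is still caught."""
    return unquote(unquote(target))


def classify_target(target):
    """Return the sorted indicator names that fire on the decoded target."""
    decoded = decode_target(target)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))


def scan_access_log(lines):
    """Return (line_no, client_ip, indicators, decoded_target) for flagged lines."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        hits = classify_target(m.group("target"))
        if hits:
            findings.append(
                (line_no, m.group("client"), hits, decode_target(m.group("target")))
            )
    return findings


def clients_by_hits(findings):
    """Count flagged requests per client so the noisiest source stands out."""
    return Counter(client for _, client, _, _ in findings)


# Constructed sample log: one clean request, three probes, one normal POST.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "GET /search?q=%7Bfoo%7Cbar%7D HTTP/1.1" 200 12',
    '10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /files/..%2F..%2Fboot.ini%00.txt HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /dl?f=report%2500.pdf HTTP/1.1" 404 0',
    '10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "POST /login HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    results = scan_access_log(SAMPLE_LOG)
    for line_no, client, hits, target in results:
        print(f"line {line_no}: {client} {hits} {target!r}")
    print("flagged requests per client:", dict(clients_by_hits(results)))
```

The double decode is the part worth keeping: a filter that decodes once sees `report%00.pdf` as harmless text, while the application downstream may decode again and receive the NUL. Feed real log lines in through `scan_access_log` and treat any client with repeated hits across several indicator classes as active enumeration rather than a typo.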
Tools & References
tools: Empire, nishang, Sherlock
https://www.exploit-db.com/exploits/39161