filmov
tv
Exploiting a backdoor in PHP 8.1.0-dev | Knife @ HackTheBox
Показать описание
PHP version 8.1.0-dev was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed because if this version of PHP runs on a server, an attacker can execute any arbitrary code he wants.
Knife, on the other hand, is an Easy difficulty Linux machine from @HackTheBox which is vulnerable to this particular security breach. The machine runs a traditional Apache web server which uses PHP 8.1.0-dev for the back-end, while the front-end only exposes a static site.
How can we hack inside this server? Let's figure it out in this video!
=== Timestamp ===
00:00 Intro
00:53 PHP's backdoor analysis
01:52 Backdoor exploitation
02:57 knife command overview
03:27 Privilege escalation n.1: knife exec
03:48 Privilege escalation n.2: knife client edit
4:55 Possible consequences of the PHP's backdoor
05:26 How it was possible?
05:50 Conclusions
If you enjoyed the video leave a like and subscribe to my channel!
---
Would you like to support my work? Offer me a virtual coffee :)
Check out my socials:
Knife, on the other hand, is an Easy difficulty Linux machine from @HackTheBox which is vulnerable to this particular security breach. The machine runs a traditional Apache web server which uses PHP 8.1.0-dev for the back-end, while the front-end only exposes a static site.
How can we hack inside this server? Let's figure it out in this video!
=== Timestamp ===
00:00 Intro
00:53 PHP's backdoor analysis
01:52 Backdoor exploitation
02:57 knife command overview
03:27 Privilege escalation n.1: knife exec
03:48 Privilege escalation n.2: knife client edit
4:55 Possible consequences of the PHP's backdoor
05:26 How it was possible?
05:50 Conclusions
If you enjoyed the video leave a like and subscribe to my channel!
---
Would you like to support my work? Offer me a virtual coffee :)
Check out my socials:
PHP 8.1.0-dev BACKDOOR Hack (Easy RCE)
Exploiting a backdoor in PHP 8.1.0-dev | Knife @ HackTheBox
Weevely PHP Backdoor | Web Hacking For Beginners | 2022
HACKED: Backdoor in PHP's Source Code Discovered
explore a Wordpress PHP BACKDOOR webshell
Generating A PHP Backdoor with weevely
Hacked and Backdoored this website in MINUTES! NEVER try this on unauthorized targets!
Hacking Website Using PHP Shell/PHP Backdoor
Upload PHP Backdoor on a Windows IIS 10 Server - OSCP
Tutorial Exploit Laravel Filemanager & Tamper data | UPLOAD SHELL BACKDOOR
PHP 8.1.0-dev Backdoor Remote Code Execution | RCE | PoC | FLAST101
Php 8 1 0 dev backdoor hack easy rce
Analysis of the most powerful backdoor in php: 1n73ctionShell
Kiosk mode Bruteforce Evasion with Flipper Zero
Bypass Shell Upload via .htaccess
how hackers hack any website in 9 minutes 6 seconds?!
How to find all Suspected PHP backdoor in your website?
Exploit android dengan backdoor php (Metasploit)
How hackers exploit XSS vulnerabilities to create admin accounts on your WordPress blog
PHP Remote File Inclusion - Windows Backdoor
2 Exploitation & Privilege Escalation: Generating a PHP backdoor with Weevely Post exploitati...
Inject Backdoor from File Upload features | Security Awareness
Mr. Robot Sucks
most dangerous Virus in Windows 10
Комментарии