filmov
tv
Exploiting a backdoor in PHP 8.1.0-dev | Knife @ HackTheBox
Показать описание
PHP version 8.1.0-dev was released with a backdoor on March 28th 2021, but the backdoor was quickly discovered and removed because if this version of PHP runs on a server, an attacker can execute any arbitrary code he wants.
Knife, on the other hand, is an Easy difficulty Linux machine from @HackTheBox which is vulnerable to this particular security breach. The machine runs a traditional Apache web server which uses PHP 8.1.0-dev for the back-end, while the front-end only exposes a static site.
How can we hack inside this server? Let's figure it out in this video!
=== Timestamp ===
00:00 Intro
00:53 PHP's backdoor analysis
01:52 Backdoor exploitation
02:57 knife command overview
03:27 Privilege escalation n.1: knife exec
03:48 Privilege escalation n.2: knife client edit
4:55 Possible consequences of the PHP's backdoor
05:26 How it was possible?
05:50 Conclusions
If you enjoyed the video leave a like and subscribe to my channel!
---
Would you like to support my work? Offer me a virtual coffee :)
Check out my socials:
Knife, on the other hand, is an Easy difficulty Linux machine from @HackTheBox which is vulnerable to this particular security breach. The machine runs a traditional Apache web server which uses PHP 8.1.0-dev for the back-end, while the front-end only exposes a static site.
How can we hack inside this server? Let's figure it out in this video!
=== Timestamp ===
00:00 Intro
00:53 PHP's backdoor analysis
01:52 Backdoor exploitation
02:57 knife command overview
03:27 Privilege escalation n.1: knife exec
03:48 Privilege escalation n.2: knife client edit
4:55 Possible consequences of the PHP's backdoor
05:26 How it was possible?
05:50 Conclusions
If you enjoyed the video leave a like and subscribe to my channel!
---
Would you like to support my work? Offer me a virtual coffee :)
Check out my socials:
0:16:45
PHP 8.1.0-dev BACKDOOR Hack (Easy RCE)
0:06:18
Exploiting a backdoor in PHP 8.1.0-dev | Knife @ HackTheBox
0:02:09
Weevely PHP Backdoor | Web Hacking For Beginners | 2022
0:02:50
HACKED: Backdoor in PHP's Source Code Discovered
0:40:09
explore a Wordpress PHP BACKDOOR webshell
0:09:33
Generating A PHP Backdoor with weevely
0:20:58
Hacked and Backdoored this website in MINUTES! NEVER try this on unauthorized targets!
0:12:34
Hacking Website Using PHP Shell/PHP Backdoor
0:06:30
Upload PHP Backdoor on a Windows IIS 10 Server - OSCP
0:13:08
Tutorial Exploit Laravel Filemanager & Tamper data | UPLOAD SHELL BACKDOOR
0:00:47
PHP 8.1.0-dev Backdoor Remote Code Execution | RCE | PoC | FLAST101
0:01:52
Php 8 1 0 dev backdoor hack easy rce
0:28:23
Analysis of the most powerful backdoor in php: 1n73ctionShell
0:00:40
Kiosk mode Bruteforce Evasion with Flipper Zero
0:05:22
Bypass Shell Upload via .htaccess
0:09:06
how hackers hack any website in 9 minutes 6 seconds?!
0:01:45
How to find all Suspected PHP backdoor in your website?
0:06:16
Exploit android dengan backdoor php (Metasploit)
0:01:05
How hackers exploit XSS vulnerabilities to create admin accounts on your WordPress blog
0:04:48
PHP Remote File Inclusion - Windows Backdoor
0:09:33
2 Exploitation & Privilege Escalation: Generating a PHP backdoor with Weevely Post exploitati...
0:15:59
Inject Backdoor from File Upload features | Security Awareness
0:00:55
Mr. Robot Sucks
0:00:29
most dangerous Virus in Windows 10
Комментарии