Exploit Laravel for Reverse Shell

Hi,

It is play time. I did a hacking exercise to update my knowledge and keep myself busy during the weekend. I did a small pentest on a lab which is considered easy. I found something interesting about the vulnerability that exists in the platform.

I found the Laravel web framework installed with the debugging feature activated. This debugging feature really helps the developer spot errors very quickly.

Many details from the application are shown on the screen, even the code snippet where the error occurred.

Fantastic, right? Unfortunately, this information is also helpful for a hacker to gather a lot of information about the target machine.

We know that the web application is running the Laravel framework. We can also gather the APP_KEY from the environment variables.
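A defensive check for the exposure described above, as an added example that is not part of the original post: it audits the text of a Laravel .env file for an active debug setting and flags the APP_KEY for rotation when debug was on. The function names are hypothetical, the sample file is constructed, APP_DEBUG and APP_ENV are Laravel's standard settings rather than names taken from this page, and the truthiness rules are an assumed model of Laravel's env() helper followed by a PHP boolean cast.

```python
import re

# Constructed sample .env for illustration; the key value is a placeholder.
SAMPLE_ENV = """\
APP_NAME=Shop
APP_ENV=production
export APP_DEBUG="True"   # left on after troubleshooting
APP_KEY=base64:PLACEHOLDER_NOT_A_REAL_KEY=
"""

LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")

def parse_env(text):
    """Parse dotenv text into a dict; the last assignment of a key wins."""
    values = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank line, comment, or not an assignment
        key, val = m.group(1), m.group(2).strip()
        if val[:1] in ("'", '"'):
            end = val.find(val[0], 1)  # closing quote, if present
            val = val[1:end] if end != -1 else val[1:]
        else:
            val = re.split(r"\s+#", val, maxsplit=1)[0].strip()  # drop trailing comment
        values[key] = val
    return values

def debug_enabled(value):
    """Assumed model: Laravel's env() conversions, then PHP truthiness."""
    v = (value or "").strip().lower()
    falsy = {"", "0", "false", "(false)", "null", "(null)", "empty", "(empty)"}
    return v not in falsy  # "off" and "no" are non-empty strings, so truthy

def audit(text):
    """Return findings for the debug-page exposure described in the post."""
    env = parse_env(text)
    findings = []
    if debug_enabled(env.get("APP_DEBUG")):
        findings.append("APP_DEBUG is on: error pages disclose code and environment")
        # Assumed default: an unset APP_ENV is treated as production.
        if env.get("APP_ENV", "production").lower() == "production":
            findings.append("debug is on in a production environment")
        if env.get("APP_KEY"):
            findings.append("APP_KEY may have been disclosed: rotate it")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENV):
        print("[!]", finding)
```

Values such as `off` or `no` are reported as enabled because, under the model assumed here, only the listed strings turn the setting off.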

After googling around, I found that Laravel is vulnerable to RCE (CVE-2018-15133) because of the serialization problem in the token parsing process.

I found an interesting exploitation script created by @pwnedshell & @rsgbengi, which can be found on their GitHub: https://github.com/PwnedShell/Larascript.git

usage: larascript.py [-h] -k APPKEY [-c COMMAND] [-m {1,2,3,4,5}] [-s {bash,python,perl,php,ruby,nc,mkfifo,lua,java}] [-t {bash,sh}] [-p PORT] [-P LPORT] [-U LHOST] 

This script has two main functionalities: remote command execution and reverse shell.

Here below is the reverse shell setup
