Hi,
It is play time. I did a hacking exercise to update my knowledge and keep myself busy during the weekend. I did a small pentest on a lab that is considered easy. I found something interesting about a vulnerability that exists in the platform.
I found the Laravel web framework installed with the debugging feature activated. This debugging feature really helps the developer spot errors very quickly.

Many details of the application are shown on the screen, even the code snippet where the error occurred.

Fantastic, right? Unfortunately, this information is also helpful for a hacker gathering a lot of information about the target machine.
We know that the web application is running the Laravel framework. We can also gather the APP_KEY from the environment variables.
After googling around, I found that Laravel is vulnerable to RCE (CVE-2018-15133) because of the serialization problem in the token parsing process.
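
From the defender's side, the misconfiguration described above (debug mode left on, so error pages show environment values including APP_KEY) can be caught before deployment by auditing the application's .env file. The following is an added example, not code from the original post or from the Laravel project; the function names and the sample .env contents are constructed for illustration, and the key value is a placeholder.

```python
import re

# Values treated as "debug off". Anything else counts as enabled; this is a
# deliberately conservative choice made for this example.
OFF_VALUES = {"", "false", "(false)", "0", "null", "(null)", "empty", "(empty)"}

def parse_env(text):
    """Parse dotenv-style text into a dict (last assignment wins)."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$", line)
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] in "'\"" and val.endswith(val[0]):
            val = val[1:-1]                       # strip matching quotes
        else:
            val = val.split(" #", 1)[0].strip()   # drop trailing comment
        values[key] = val
    return values

def audit_laravel_env(text):
    """Return (severity, message) findings for a Laravel .env file."""
    env = parse_env(text)
    findings = []
    if env.get("APP_DEBUG", "false").lower() not in OFF_VALUES:
        findings.append(("high", "APP_DEBUG is enabled: error pages show "
                                 "code snippets and environment values"))
        if env.get("APP_KEY"):
            # A key that may have been displayed should be treated as leaked.
            findings.append(("high", "APP_KEY may have been shown on an error "
                                     "page: rotate it (php artisan key:generate)"))
    if env.get("APP_ENV", "production").lower() != "production":
        findings.append(("medium", "APP_ENV is not 'production'"))
    return findings

# Constructed sample inputs (placeholder key, not a real one).
WEAK_ENV = "APP_ENV=local\nAPP_DEBUG=true\nAPP_KEY=base64:PLACEHOLDER_NOT_A_REAL_KEY\n"
HARDENED_ENV = ("APP_ENV=production\nAPP_DEBUG=false  # never true in prod\n"
                'APP_KEY="base64:PLACEHOLDER_NOT_A_REAL_KEY"\n')

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, audit_laravel_env(sample))
```

Rotating APP_KEY invalidates existing sessions and any data encrypted with the old key, so plan the rotation rather than running it blind.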
I found an interesting exploitation script created by @pwnedshell & @rsgbengi, which can be found on their GitHub: https://github.com/PwnedShell/Larascript.git
usage: larascript.py [-h] -k APPKEY [-c COMMAND] [-m {1,2,3,4,5}] [-s {bash,python,perl,php,ruby,nc,mkfifo,lua,java}] [-t {bash,sh}] [-p PORT] [-P LPORT] [-U LHOST]
This script has two main functions: remote command execution and reverse shell.

Below is the reverse shell setup.
