reproducing it on test env

Open cnilsecure opened this issue 4 years ago • 0 comments

Hi, I am trying to reproduce this exploit on test environment without any luck i setup laravel which is vuln but i changed the log file (abra.log instead of laravel.log) my goal is to find out the new unknown log file name i started screen with fake-ftp.py its listening to 31337 in exploit.py i changed to my "attacker" ip and tried to attack my "victem" lab computer but i get python3 exploit.py 10.8.0.92 Traceback (most recent call last): File "/root/laravel-exploits/exploit.py", line 70, in print(re.search('(hxp{.*})', flag).group(1)) AttributeError: 'NoneType' object has no attribute 'group'

I tried to follow get_shell.py example and i tried to run it with nginx setup to evil php-fpm locally listening to port 9000 still no go same error any insight will be grateful.

Sep 14 '21 09:09 cnilsecure