Exploit

[CombiWombi]

Hello!
I am looking for some exploit / malicious code.I have access to upload the code, but I do not know what to choose, powershell does not work blocked by the hosting.

 

[Th30C0der]

sorry i dont understand u mean u found file upload vulnerability and u wan't to exploit it ? or what

 

[Smallstone]

maybe a better explanation can make better understanding what you really want.
you want silent exploit ?

 

[CombiWombi]

yes, I have access to upload files to the site.

 

[Th30C0der]

yes, I have access to upload files to the site.

Then why you are uploading a powershell script ? and the script is not blocked by hosting i guess , and most of public hosting are using linux not windows in first place and even they use windows u can't direct run powershell shell script like this , what u need to do is upload a php shell like , wso shell then find the shell and open it on browser then u can start your next move check your priveleges , get all sites on server etc ...

 

[Geometry]

yes, I have access to upload files to the site.

What you need as Th30C0der said is a shell, an application that you can manage the server (file system, DBs, ftp, running commands, set a netcat listening at a specific port, etc...) according to the access rights the specific shell gets (actually, the access rights the specific user/process has), when you upload it.
Maybe the server has a defender mechanism that blocks the common shells, thus you need an encrypted one.

In addition, you must use a shell that is "compatible" (i.e. that runs) according to the server's settings.
For example:

• If it is a PHP site you need a PHP Shell.
• If is a .net site you need a VB.Net or C# shell
• For Java you need a JSP shell
• ..etc...