Friday December 25th

Friday December 18th

Thursday December 3rd

Tuesday December 1st

Monday November 16th

Sunday November 15th

Friday November 6th

Tuesday November 3rd

Wednesday October 14th

1 Kicks

Easy Trick to Upload a Web Shell and Bypass AV Products

During a Pentesting Engagement I was able to identify an unrestricted file upload vulnerability. The logical step was to upload a web shell and compromise the server. The web server had an antivirus which was stopping the upload and the execution of the web shell. During the assessment I was in a hurry so I used standard ASPX shell from Kali Linux. In this article I will take a sample web shell from here https://github.com/rustyrobot/fuzzdb/blob/master/web-backdoors/asp/cmdasp.aspx  and show how can we utilize trivial techniques to bypass the antivirus product and get the shell uploaded successfully.

0 comments

Commenting on Stories is limited for now and will open up to those recommended by the community. Learn how
Loading InfoSecKicks...
brought to you by the Kicks Network