
I am playing with a Linux CTF server and came across a kind of reverse connection block. I uploaded a PHP webshell, gained control of the www-data user and tried to make a reverse shell.

Possibly a UFW block on ports 1024 and up. On this server, I have SSH, FTP and HTTP services. Both SSH and FTP are on ports above 1024. I have no ICMP communication between me and the machine, just loopback; I cannot even ping the machine's gateway.

So, if I can establish an HTTP session, I think that outbound port 80 is allowed, so I uploaded a new reverse shell PHP script, https://github.com/pentestmonkey/php-reverse-shell (that's what I thought), and triggered it from the website, by click, by curl. I thought this way the machine's source connection would be port 80, but even so, that does not work.

Does anyone have an idea? How can I bypass this block?

  • If you already managed to get a webshell running on the server, what is the point of getting a reverse shell? Your assumption that TCP/80 outbound is allowed is false IMHO, the firewall in front of the server should allow inbound TCP/80, point. – Naoy Jun 07 '22 at 03:41
  • We have no detail on the server, so we're guessing. And it's a CTF, so you cannot trust that it is configured in a standard way. It sounds like you need to map out the firewall (or use your shell to read the firewall config ...) – schroeder Jun 07 '22 at 05:35
  • @Naoy, I have output limitations, for example, sudo. Whenever I have a webshell I try to get a reverse shell. The server is allowed both in and out on TCP/80. Do you think that I should try to escalate the privilege through the web shell? – Shinomoto Asakura Jun 07 '22 at 18:27
  • @schroeder I have no permission with the www-data user. – Shinomoto Asakura Jun 07 '22 at 18:28
  • Then you need to map out the firewall – schroeder Jun 08 '22 at 10:03

0 Answers