Lab 6 - Blind Pentest

Hello,

I have been following the instructions since none of this was taught in the course, unfortunately. I got to the point where I could successfully upload my shell.exe onto the website, but when I try to execute, as shown in the solutions, with php_include and php/exec payload, stating the shell.exe in the CMD, after verifying it’s there (since I can download it), I get the following:

Unable to continue. What am I doing wrong?

Are you trying to get a reverse shell via the website?
From the above image, I assume that you are trying to get a reverse shell using file inclusion with an exe.
Check what technology the website is running (php, aspx, etc.) and accordingly use the correct payload.
The idea is, if you are able to find an upload point and a way to execute it, then with the correct payload you can try to get a reverse shell.
If the site is running on php, upload a php revshell and try.

I am doing exactly that, php/exec payload - exactly as in INE’s solutions. For some reason I can’t get past this screenshot, it just fails.

Try with netcat, at least you can see whether the reverse communication is happening or not. Most probably, it may be the payload problem.
For php, I usually use this: php-reverse-shell | pentestmonkey

I don’t think it’s anything related to the shell.exe, it’s the initial foothold that’s not working. According to the solutions the next line should be:

[*] Sending stage (179779 bytes) to 10.100.0.100

I’m not getting that (in php/exec). I am getting it in php/meterpreter/reverse_tcp but it dies out on me after 20 seconds, so the solution offered by INE was to upload a shell and execute it with php/exec.

Hello @frbrdan-e539c2dec7af,

I’ve replicated the initial foothold and got the shell working here. Please, double check the screenshot to make sure everything works as intended.

Thanks,