How To Attack Admin Panels Successfully Part 2
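The article discusses how attacking a web application's admin panel can lead to control of the server, emphasizing the importance of planting a backdoor through the 404.php file and using Metasploit and msfvenom to carry out a reverse shell attack. It also reminds readers that vulnerability reports should focus on uniqueness in order to stand out. 2025-10-4 10:53:12 Author: infosecwriteups.com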

Not Attacking Web Apps Admin Panels The Right Way?

c0d3x27

Photo by Jason Blackeye on Unsplash

You should start here: Part_1

Here is Part_3

Tools:

  • Msfvenom
  • Metasploit
  • PHP
  • Kali Linux

Intro

Picking up from where we left off in part one, let’s assume you have gained access to a control panel. Now, we will attempt to gain access to the server being used to control that website using a reverse shell. There are many ways to install a backdoor into a server, but in this case, we will use the 404.php file that comes with most WordPress themes or just make a new one.
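Seen from the defending side, a changed or newly created theme template is detectable. The sketch below is an added example, not code from the original article: it hashes a themes tree against a known-good snapshot and reports new or modified PHP files together with calls a template rarely needs. The theme name, file contents and function list are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Calls a theme template rarely needs (assumed starter list; tune per site).
SUSPICIOUS = re.compile(
    r"\b(fsockopen|pfsockopen|proc_open|popen|shell_exec|passthru|system|exec"
    r"|eval|assert|base64_decode|gzinflate)\s*\(", re.IGNORECASE)

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def baseline(themes_dir):
    """Hash every PHP file of a known-good themes tree (e.g. a fresh install)."""
    root = Path(themes_dir)
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in root.rglob("*.php")}

def audit(themes_dir, known_good):
    """Return {relative_path: {"status", "calls"}} for files that need review."""
    root = Path(themes_dir)
    report = {}
    for path in sorted(root.rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        old = known_good.get(rel)
        status = "new" if old is None else "modified" if old != sha256_of(path) else "unchanged"
        text = path.read_text(encoding="utf-8", errors="replace")
        calls = sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(text)})
        if status != "unchanged" or calls:
            report[rel] = {"status": status, "calls": calls}
    return report

def demo():
    """Constructed theme tree: snapshot it, alter 404.php, add a file, audit."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp) / "sample-theme"  # hypothetical theme name
        theme.mkdir()
        (theme / "index.php").write_text("<?php get_header(); get_footer();\n")
        (theme / "404.php").write_text("<?php get_header(); ?><h1>Not found</h1>\n")
        good = baseline(tmp)
        # Inert stand-ins for tampering; only the call names matter to the scan.
        (theme / "404.php").write_text("<?php $s = fsockopen($h, $p); proc_open($c, $d, $io);\n")
        (theme / "cache.php").write_text("<?php eval(base64_decode($blob));\n")
        return audit(tmp, good)

if __name__ == "__main__":
    for rel, info in demo().items():
        print(rel, info)
```

Take the baseline from a fresh copy of the theme rather than from the live server, and store it off the web host. Where templates are edited through the WordPress dashboard, `define('DISALLOW_FILE_EDIT', true);` in wp-config.php disables that editor.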

Before proceeding with the attack, it’s important to understand the logic behind our actions. As mentioned before, bug hunters often report vulnerabilities as soon as they are discovered, missing out on potentially larger rewards for their findings. LFI vulnerabilities should not be reported unless you have exhausted all efforts to obtain a reverse shell and were unable to do so. The fear of missing out on a good report can be overwhelming, but it’s important to remember that reporting unique vulnerabilities is what sets you apart from the rest. That’s what we will aim…


Article source: https://infosecwriteups.com/how-to-attack-admin-panels-successfully-part-2-9316c3caad3a?source=rss----7b722bfd1b8d---4