# 242 We have a webpage and it asks for authentication![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-87bb18d66cafca30156f4158085f3e49860e8212%2Fa0e0e4bd7f008daef368d609d37e9bb6.png?alt=media) Now using the credentials obtained from ftp at \[\[PG Practice/AuthBy/21]] We can login to the webpage: offsec:elite ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-8efb89e3f42dd971dd1818ac314fac79c8b7a35f%2Fb09a36fb2ed949008ed11260ac9351ee.png?alt=media) Now we can see the page. It is the same as the *index.php* file in ftp ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-5fed06c9991aa8b170cbc534749ff5f9c61a6fbd%2F5602f3778f9fb3c94698e2f8a5094ec3.png?alt=media) ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-3ff44884d35e7e22b10aa78146aeca0793c9b9b2%2F816f7332914058a1499545b2a0d9f980.png?alt=media) So we can try to put a text file and check if it is accessible ``` echo "This is a test" > test.txt ``` Now in ftp: ``` put test.txt ``` ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-5ad39b18847b8e048a9aece5bed4cd83d768b983%2F628982f7678c47994290b5ce5d5cb6e1.png?alt=media) It uploaded Now we can try to access this file in the webpage![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-d9a89c32ef6c542c1fb3d4d2fb3da86e2d17cae4%2Fcffa20ea72194f7ca6a0ffc8eabe3190.png?alt=media) It works. We can now try putting a php reverse shell. Go to revshells.com and get a reverse shell: ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-e62a008a07471609b62fb9a56a28e8affc2d5e2b%2F05e9f7cb59c622660f7878489ed33d52.png?alt=media) We can save this in *php-reverse-shell.php* file And now upload in ftp: ``` put php-reverse-shell.php ``` and access it in browser: We get a shell: ``` rlwrap nc -nlvp 3389 ``` ![](https://2519178678-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuE2sPgM0QY6KfiTIG8Vs%2Fuploads%2Fgit-blob-19daa9196df8a343e461b0868c3fc4a22b3d1bc3%2Fb645eefa707314be4dadf1634f04918e.png?alt=media)