reproducing it on test env #2
Description
Hi, I am trying to reproduce this exploit on test environment without any luck
i setup laravel which is vuln but i changed the log file (abra.log instead of laravel.log)
my goal is to find out the new unknown log file name
i started screen with fake-ftp.py its listening to 31337
in exploit.py i changed to my "attacker" ip and tried to attack my "victem" lab computer
but i get
python3 exploit.py 10.8.0.92
Traceback (most recent call last):
File "/root/laravel-exploits/exploit.py", line 70, in
print(re.search('(hxp{.*})', flag).group(1))
AttributeError: 'NoneType' object has no attribute 'group'
I tried to follow get_shell.py example and i tried to run it with nginx setup to evil php-fpm locally listening to port 9000
still no go same error
any insight will be grateful.