RCE

Links

• Reverse shell on a Node.js application
• commix Automated All-in-One OS Command Injection and Exploitation Tool
• Bookfresh case
• Encoding Web Shell in PNG IDAT chunks (post)
• Exploiting PHP-GD imagecreatefromgif() function (github repo)
• Series about webshells detection
• Exploit/bypass PHP escapeshellarg/escapeshellcmd functions
• GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
• LOLBAS Living Off The Land Binaries and Scripts (and also Libraries)
• FILE Structure Exploitation ('vtable' check bypass)
• Play with FILE Structure
• File Stream Pointer Overflow
• david942j/one_gadget The best tool for finding one gadget RCE in libc.so.6