Malicious DLL Upload
I will be using the file upload feature loaded from FileUpload.dll file to upload the malicious DLL payload
Intercepting the upload request
I will have to rename the filename to save it under the /opt/components directory
Uploaded
The malicious DLL is loaded and exploit has been executed.
That’s the SSH private key of the tomas user
I will save it and use it against the target SSH server