GITBOOK-4445: No subject

HackTricks-wiki · Dec 12, 2024 · 3332bf2 · 3332bf2
1 parent ae33d7c
commit 3332bf2
Showing 1 changed file with 6 additions and 13 deletions.
diff --git a/network-services-pentesting/pentesting-web/drupal/drupal-rce.md b/network-services-pentesting/pentesting-web/drupal/drupal-rce.md
@@ -21,20 +21,13 @@ Learn & practice GCP Hacking: <img src="../../../.gitbook/assets/grte.png" alt="
 In older versions of Drupal **(before version 8)**, it was possible to log in as an admin and **enable the `PHP filter` module**, which "Allows embedded PHP code/snippets to be evaluated." But from version 8 this module is not installed by default.
 {% endhint %}
 
-You need the **plugin php to be installed** (check it accessing to _/modules/php_ and if it returns a **403** then, **exists**, if **not found**, then the **plugin php isn't installed**)
-
-Go to _Modules_ -> (**Check**) _PHP Filter_ -> _Save configuration_
-
-![](<../../../.gitbook/assets/image (247) (1).png>)
-
-Then click on _Add content_ -> Select _Basic Page_ or _Article -_> Write _php shellcode on the body_ -> Select _PHP code_ in _Text format_ -> Select _Preview_
-
-![](<../../../.gitbook/assets/image (338).png>)
-
-Finally just access the newly created node:
+1. Go to **/modules/php** and if a 403 error is returned then the **PHP filter plugin is installed and you can continue**
+   1. If not, go to `Modules`  and check on the box of `PHP Filter` and then on `Save configuration`
+2. Then, to exploit it, click on `Add content` , then Select `Basic Page` or `Article` and write the **PHP backdoor**, then select `PHP` code in Text format and finally select `Preview`
+3. To trigger it, just access the newly created node:
 
 ```bash
-curl http://drupal-site.local/node/3
+curl http://drupal.local/node/3
 ```
 
 ## Install PHP Filter Module
@@ -48,7 +41,7 @@ From version **8 onwards, the** [**PHP Filter**](https://www.drupal.org/project/
 1. Download the most recent version of the module from the Drupal website.
    1. `wget https://ftp.drupal.org/files/projects/php-8.x-1.1.tar.gz`
 2. Once downloaded go to **`Administration`** > **`Reports`** > **`Available updates`**.
-3. Click on **`Browse`**`,` select the file from the directory we downloaded it to, and then click **`Install`**.
+3. Click on **`Browse`**, select the file from the directory we downloaded it to, and then click **`Install`**.
 4. Once the module is installed, we can click on **`Content`** and **create a new basic page**, similar to how we did in the Drupal 7 example. Again, be sure to **select `PHP code` from the `Text format` dropdown**.
 
 ## Backdoored Module