Description Summary
With the 'shell commands' plugin, it is possible to execute code on the server, thereby allowing remote command execution (RCE).
Details
There are several things to consider. In the 'Path' field, it is possible to specify the command we want to execute. Moreover, the [NAME] section, which holds the computer's name, accepts whatever we put in it, be it a link or a command.
PoC
In the 'Path' section, we add the wget command.
In the TAG, we put [NAME].
In 'Associated Item', we add 'computer'.
Now, let's put a shell.php file on our computer and set up a web server.
We create a new computer with our web server in the NAME section.
In the 'Shell Commands' tab on the computer, we can launch our command.
We can see that the command has been successfully executed.
We start listening on our computer.
We go to the link where our shell.php file is located (it is accessible without authentication).
We have obtained a shell on the server.
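The Details section describes two unchecked inputs: the command in 'Path' and the value substituted for [NAME]. The following is an added example of the corresponding server-side checks, not the plugin's own code; the allowlisted paths, the function names and the sample values are assumptions made for illustration.

```python
import re
import shlex
import subprocess

# Assumption: an operator-maintained allowlist of binaries permitted in 'Path'.
ALLOWED_PATHS = {"/bin/ping", "/usr/bin/nslookup"}

# Hostname-style value only: letters, digits, dots, hyphens; cannot begin
# with "-" (option injection) or contain "/", ":", spaces or shell characters.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


class RejectedCommand(ValueError):
    """Raised when the path or the substituted value fails validation."""


def build_argv(path, parameters, item_name):
    """Return an argv list for path + parameters with [NAME] filled in."""
    if path not in ALLOWED_PATHS:
        raise RejectedCommand(f"path not allowlisted: {path!r}")
    if not NAME_RE.fullmatch(item_name):
        raise RejectedCommand(f"name is not a plain hostname: {item_name!r}")
    # Tokenise the admin-defined parameters once, before substitution, so the
    # item name can never add or split arguments.
    return [path] + [t.replace("[NAME]", item_name) for t in shlex.split(parameters)]


def is_rejected(path, parameters, item_name):
    """True when build_argv refuses the combination."""
    try:
        build_argv(path, parameters, item_name)
    except RejectedCommand:
        return True
    return False


def run(path, parameters, item_name):
    """Execute without a shell; argv elements are passed verbatim."""
    argv = build_argv(path, parameters, item_name)
    return subprocess.run(argv, shell=False, capture_output=True, timeout=10)


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    print(build_argv("/bin/ping", "-c 1 [NAME]", "srv-01.example.internal"))
    print(is_rejected("/usr/bin/wget", "[NAME]", "srv-01.example.internal"))
    print(is_rejected("/bin/ping", "-c 1 [NAME]", "http://198.51.100.7/file"))
```

The same hostname rule is also worth enforcing when the computer record is created, so that a link or a command is never stored in the name in the first place.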