Moodle
Last updated
Last updated
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
You need to have manager role and you can install plugins inside the "Site administration" tab**:**
Then, you can install the following plugin that contains the classic pentest-monkey php rev shell (before uploading it you need to decompress it, change the IP and port of the revshell and crompress it again)
To access launch the malicious plugin you need to access to:
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at today, and start earning bounties up to $100,000!
I found that the automatic tools are pretty useless finding vulnerabilities affecting the moodle version. You can check for them in
If you are manager you may still need to activate this option. You can see how ins the moodle privilege escalation PoC: .
Or you could use the plugin from to get a regular PHP shell with the "cmd" parameter.
Bug bounty tip: sign up for Intigriti, a premium bug bounty platform created by hackers, for hackers! Join us at today, and start earning bounties up to $100,000!
Learn & practice AWS Hacking: Learn & practice GCP Hacking:
Check the !
Join the 💬 or the or follow us on Twitter 🐦 .
Share hacking tricks by submitting PRs to the and github repos.